Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: xtraelv on December 28, 2018, 08:28:02 AM



Title: Bitcoin stolen. Electrum exploit / phishing
Post by: xtraelv on December 28, 2018, 08:28:02 AM
Initially reported on Reddit it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote
Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their electrum wallet.

Updates do not require a user to enter their 2FA


https://github.com/spesmilo/electrum/issues/4968

Quote
There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum

https://user-images.githubusercontent.com/29142493/50359293-8780b500-055c-11e9-8cfd-83b342edeffb.png

Quote
There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message

https://i.imgur.com/pz4GEgN.png

https://i.imgur.com/OWxenVj.png


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: bitbunnny on December 28, 2018, 08:42:23 AM
Unfortunately such attacks are very common and you can't be careful enough, so it's good to use every possible protection you can implement. Hackers are very active and will always misuse any vulnerability they find.
In this case they've taken really nice sum of Bitcoin and there is nothing that could be done about it.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: xtraelv on December 28, 2018, 09:07:47 AM
Unfortunately such attacks are very common and you can't be careful enough, so it's good to use every possible protection you can implement. Hackers are very active and will always misuse any vulnerability they find.
In this case they've taken really nice sum of Bitcoin and there is nothing that could be done about it.

Yes it is unfortunate. Awareness reduces victims.

Electrum generally is a good product. There is a lot to be learned from exploits.

Where this phishing is unique is that it is prompted by a visit to the genuine site. So it is an Electrum server exploit prompting users to be phished.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: squatter on December 28, 2018, 09:24:07 AM
There's a few harsh lessons to unpack here.

When downloading a new wallet release, make sure you're on the genuine site. In this case, it was a fake Github repository. The official Github wasn't compromised, nor was electrum.org.

Next, always verify the release signature. This is how to do that for Electrum (https://www.reddit.com/r/Bitcoin/comments/3gygtk/electrum_verifying_the_downloads_authenticity/cu2sb48/). I would also recommend using Electrum as an offline wallet (http://docs.electrum.org/en/latest/coldstorage.html) for additional security.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: luispitchler on December 28, 2018, 09:29:26 AM
no wonder there is a warning when i opened my account.  these hackers are one of the reasons why people lose their confidence with crypto... something ought to be done about this. really sad.  :( >:(


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: eternalgloom on December 28, 2018, 09:52:56 AM
Thanks for sharing it here, I definitely would have missed this news, since I barely visit Reddit any more.
Luckily I only use Electrum to receive small amounts, but it would have sucked if I'd fallen for this.

It prompted me to check out the official Electrum Github page, just so I can memorize that account.

Regardless, I think I'll just always download the binaries from their official website and update manually.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: hatshepsut93 on December 28, 2018, 10:15:19 AM
From the article in the original post:

"A litany of concerned users are reporting their wallets have suddenly been drained out – without any notification or action on their side."

This is bullshit, people who lost their coins were tricked into downloading and running a malicious client.

"When entering a login and password, the site steals funds from user accounts."

The site is GitHub, it doesn't steal anything. The theft occurs after victims open their Bitcoin wallet files with their new malicious wallets.



Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: jhenfelipe on December 28, 2018, 01:31:10 PM
theymos posted about it too yesterday to warn Electrum users. The News/announcement is still there, above the main menu bar.
Quote
News: ♦ Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them. More info (https://bitcointalk.org/index.php?topic=5090097.0)


Big problem that the error message pops up inside the official Electrum wallet. Probably, there are people who will be deceived.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: ivannalog814 on December 28, 2018, 01:45:12 PM
I think in our time it has become the norm, as such things happen very often. I personally have faced phishing and it is unpleasant maturing. Be careful, friends: losing money is always very painful.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: Lizzylove1 on December 28, 2018, 02:31:09 PM
I read this yesterday on Reddit, this is pathetic, this is part of why many still fear investing in crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers' wallet should be monitored and possibly traced for a possible final sell-off regardless of the time frame.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: xtraelv on December 29, 2018, 10:48:03 AM
I read this yesterday on Reddit, this is pathetic, this is part of why many still fear investing in crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers' wallet should be monitored and possibly traced for a possible final sell-off regardless of the time frame.

Hackers' wallets are monitored. There are several projects doing that.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: DooMAD on December 29, 2018, 11:25:20 AM
It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them. 


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: shamc on December 29, 2018, 12:09:02 PM
I use electrum but haven't opened it for a while, luckily i did not use it yesterday otherwise i might have been tempted to update it as instructed. Good to know about this particular scam, i'll be wary of it for future attacks


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: xtraelv on December 29, 2018, 08:07:00 PM
It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them. 

It is terrible for those that were victims of the attacks but I do view what is currently happening as "beta testing".

If we learn lessons from it and better the code and security protocols then it wasn't lost without something being gained from it.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: South Park on December 29, 2018, 10:52:17 PM
no wonder there is a warning when i opened my account.  these hackers are one of the reasons why people lose their confidence with crypto... something ought to be done about this. really sad.  :( >:(
The only thing that you can do to protect yourself is to keep your eyes open to anything that seems suspicious, because if you fall for a trick like this there is no way to recover your bitcoin. While bitcoin gives us the power of being banks, this also means that you have the responsibility of securing your coins as if you were your own bank, so if possible store most of the coins that you have in cold storage so this doesn't happen to you.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: jjjfff on December 29, 2018, 11:19:22 PM
I read this yesterday on Reddit, this is pathetic, this is part of why many still fear investing in crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers' wallet should be monitored and possibly traced for a possible final sell-off regardless of the time frame.

Hackers' wallets are monitored. There are several projects doing that.

What are the hacker addresses?


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: pooya87 on December 30, 2018, 02:56:00 AM
Quote
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

this has a very tricky wording!
users are NOT redirected anywhere. instead they are simply shown a message that is encouraging them to click a malicious link. since that link is inside their wallet application they don't think it is malicious and click it, then they are "redirected" to where the malicious app is which they have to download and install to steal their coins.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: geminiboy on December 30, 2018, 03:09:10 AM
Electrum is free software, with many crypto users interested in using it so hackers learn hard to hack it, I think this will continue to take the toll of Electrum users who don't read the news about this, hoping that Electrum will quickly improve the security system better and unique


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: Initscri on December 30, 2018, 03:24:38 AM
Electrum is free software, with many crypto users interested in using it so hackers learn hard to hack it, I think this will continue to take the toll of Electrum users who don't read the news about this, hoping that Electrum will quickly improve the security system better and unique

Be careful to say hack in the conventional term. This was basically a phishing/social engineering attack, nothing more. It's not like the attackers were able to get crypto w/o the action of the individual owning the account.

I put 50% on the users who failed to understand how to complete due diligence w/ their downloading, and 50% on Electrum devs for failing to see how allowing server admins to send messages out to Bitcoin users could have been abused.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: Maestro75 on December 30, 2018, 03:34:19 AM
theymos posted about it too yesterday to warn Electrum users. The News/announcement is still there, above the main menu bar.
Quote
News: ♦ Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them. More info (https://bitcointalk.org/index.php?topic=5090097.0)


Big problem that the error message pops up inside the official Electrum wallet. Probably, there are people who will be deceived.

Early this year too there was an attack on Electrum and a warning was pinned here by Theymos or some guy. It was at that point I stopped using that app. I had to be sure my little satoshi was safe than sorry. Electrum should fix this hacking problem to save its reputation.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: thesmallgod on December 30, 2018, 12:34:32 PM
Electrum wallet is too vulnerable to hacking. Almost every year we hear bad news like this about the wallet. The team should look for reliable security means to protect users.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: SistaFista on December 31, 2018, 02:30:29 AM
Yeah, it was happening recently. I wonder why the Electrum wallet can give a rich text warning to the users even from an untrusted server.
I read the article, hackers set up several servers so they can catch their victims with a higher chance.
On the last update of the Electrum wallet, I read that the hackers cannot pop up the rich text warning anymore. Any update now?


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: pooya87 on December 31, 2018, 03:46:01 AM
On the last update of the Electrum wallet, I read that the hackers cannot pop up the rich text warning anymore. Any update now?

the link that the attacker was pushing to clients to fool them was on github, which was reported and removed the same exact day. i haven't heard of any change or new link popping up yet so basically it was over the same day i think.
as for the update, the new versions still can show you the malicious message if the server sends you one but it won't be formatted anymore. so you won't see a "link", instead it will be a messy text with its markups.
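
The thread describes a client that showed server-supplied error text as-is, and a later change so the text is no longer rendered as rich text. As an added example (not Electrum's code and not part of any post in this thread), this Python shows one way a client can treat such text as untrusted before display; the function names, the length cap and the sample message are assumptions constructed for illustration.

```python
import html
import re
import unicodedata

MAX_LEN = 300  # assumed display cap for untrusted server text
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")

# Constructed sample of a rich-text "update" lure; not taken from the incident.
CONSTRUCTED_PHISH = ('<h2>Security update required</h2>\n'
                     '<a href="https://example.invalid/update">Download\u202e here</a>')


def sanitize_server_error(raw):
    """Reduce a server-supplied error to inert, single-line plain text."""
    if not isinstance(raw, str):
        raw = repr(raw)
    # Drop control and format characters (e.g. bidi overrides) that can
    # disguise text; turn line breaks and tabs into spaces.
    kept = []
    for ch in raw:
        if ch in "\r\n\t":
            kept.append(" ")
        elif unicodedata.category(ch) not in ("Cc", "Cf"):
            kept.append(ch)
    cleaned = re.sub(r"\s+", " ", "".join(kept)).strip()
    truncated = len(cleaned) > MAX_LEN
    cleaned = cleaned[:MAX_LEN]
    has_url = bool(URL_RE.search(cleaned))
    # Escape markup so a rich-text widget shows the tags literally instead
    # of rendering a clickable link. Truncation happens before escaping so
    # no entity is cut in half.
    text = html.escape(cleaned, quote=True) + ("..." if truncated else "")
    return {"text": text, "has_url": has_url}


def render_broadcast_error(raw):
    """Build the string a GUI would show after a failed broadcast."""
    info = sanitize_server_error(raw)
    msg = "Server reported an error (untrusted text): [" + info["text"] + "]"
    if info["has_url"]:
        msg += " Do not follow links in this message."
    return msg


if __name__ == "__main__":
    print(render_broadcast_error(CONSTRUCTED_PHISH))
    print(render_broadcast_error("bad-txns-inputs-missingorspent"))
```

Escaping only removes the formatting; the wording of the message still reaches the user, which matches the behaviour described in the post above.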


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: Teamfearless on December 31, 2018, 04:58:51 AM
I think it's time for us to raise awareness of all these hacking tips and tricks. A lot of people are afraid to join the crypto race because of all these hackers, and every team must strengthen their security features so that newbies and beginners can't lose their coins.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: squatter on December 31, 2018, 08:22:33 AM
It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them. 

It's upsetting, but unfortunately we should expect it from a rational point of view. Casual users are less likely to have strong security protocols and more likely to fall for social engineering attacks like this. For most people, malware has never carried great consequences -- Bitcoin is changing that in a big way. Finding a balance between user-friendliness and security is really hard.


Title: Re: Bitcoin stolen. Electrum exploit / phishing
Post by: funchiestz on December 31, 2018, 08:31:18 AM
Initially reported on Reddit it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote
Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their electrum wallet.

Updates do not require a user to enter their 2FA


https://github.com/spesmilo/electrum/issues/4968

Quote
There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum

https://user-images.githubusercontent.com/29142493/50359293-8780b500-055c-11e9-8cfd-83b342edeffb.png

Quote
There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message

https://i.imgur.com/pz4GEgN.png

https://i.imgur.com/OWxenVj.png

There has been a lot of news about Electrum recently. I guess it's expected to happen. But this time the figure is very serious.

And there is a warning on BTT News; you can look at it: https://bitcointalk.org/index.php?topic=5090097.0

(From BTT:  Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them.)