Bitcoin Forum

See details by clicking on the image:

https://image.prntscr.com/image/_9yEE65URZqP64LCW7J7aA.png (https://nulltx.com/electrum-wallet-botnet-infects-150000-machines-steals-4-6-million-in-user-funds/)

Again, not a scam accusation. Move.

Thanks, just moved to bitcoin discussion from scam accusation board. I think now it is okay, if not let me know. Thanks a lot.

I don’t know why anybody is still using Electrum, this happens all the time. People download a gogus update & BAM, their coins are gone. Makes me sad to see it.

Is this real? Yet another problem with Electrum.

Time to switch to a different wallet, this is unacceptable.

I thought that happened with every kind of software and website? Visit a fake website and BAM, accounts stolen. Download a fake software and BAN, rip passwords, coins and personal data.

It’s up for the user to identify what is real/safe and what is not.

Core has infected impersonators.

---

It’s a DDoS attack ffs. Nothing really changed from last time.

Did you try reading the article?

There is a special board on this related to Electrum wallet. There you can even stay in contact with Electrum developers: https://bitcointalk.org/index.php?board=98.0
Also it is better to add a link to the source of those news. I would like to see more details.
I guess, the same thing would keep happening with every popular Bitcoin wallet or crypto related service. The more people use it - the bigger piece of cake it would be for scammers.

It is already on the board you mentioned.

Probably you have not read my post. You can see source link if you click on the image. Thanks.

The 'electrum botnet' (what a stupid name chosen from you) doesn't infect anything with malware.

I might get a lot of hate for this statement, but..
People who can't use their common sense and simply just click on 'download' and 'install' just because there is a known name mentioned somewhere,
should stay far far away from crypto and should never store any sensitive (or for them valuable) information on an electronic device.

Not just that the phishing attempt is very low-skilled, currently there is just a DoS going on.. no infection, no malware, no stealing funds.
If you have your wallet updated to v3.3.3+ (which you should..), you won't even get the cheap phishing message.. just switch to a different server and everything is fine..

I used to have electrum wallet, but since previous attacks on it despite their efforts to update their security, it seems that it's really not ideal to use electrum.
Stay safe, better to secure your bitcoin on hardware wallet than online wallets.

There was no vulnerability above a 3.0/10 based on CVSS (https://www.first.org/cvss/).

All a malicious server could do, is to show you a message. That's all. No influence on confidentiality, integrity, availability.
The security is (and was) high. At least as good as a software wallet can be. No influence at all.




Electrum is not an online wallet. It is a software- (or desktop-) wallet.

---

Edit:
If you can't find a server which is not under DoS and not malicious, ask mocacinno to whitelist your IP for his server.
He is voluntarily hosting an electrum server for the bitcointalk.org community. (https://bitcointalk.org/index.php?topic=5130661)

What were the previous issues with Electrum and when did they occur?

the issue was that the electrum servers you connected to could send you any message they liked with any arbitrary contents and your wallet would have shows these messages as received. so some malicious people started exploiting it and started sending links through that message and encouraged people to download a malicious software disguised as "new version" with a fake link. people who fell for that and downloaded this malicious binary without checking the link and the signature of the file (as they should have) lost money.
it happened on December last year (https://github.com/spesmilo/electrum/issues/4968)

I think we need to prevent from the thief that wants to steal our bitcoin from the electrum wallet. I already move all of my bitcoin from electrum to another wallet, and I hope that soon after the developer has fixed the problem, it will not get trouble in the future.
But if the wallet is fine and people download the wrong wallet, then the mistake will be on the user side, and they need to double check the links to get the wallet or download the update.

- I think Electrum was under attack, cause it is one of the best wallet out there. It attract users and so are thieves.

- Any wallet/exchange could suffer from such an attack, the standard here is your knowledge, if you're educated enough you wouldn't lose a single satoshi.

Exactly, situation with Electrum has just shown that users know a little about basic use of cryptocurrency or just about using PC / internet in a safe way. Fact that even after all warnings and the time that have passed since the beginning of phising attacks some users still become victims, speaks for itself. I would say that some other solution is far better option for crypto wallet, but users who get tricked with this will probably at some point lost coins even with HW by keeping seed in an unsafe way, or by typing it on some fake software like fake Ledger Live.

I see. Thank you for the explanation.

If that issue is now over and has been fixed then I see no problem with using Electrum.

In the event of using Bitcoin just for checking say for example on a server for ecommerce (address generating and payment checking) purposes where a UI would not even be needed, it would still be a great asset to utilise.

there was never a problem with using Electrum before either. the user had to ignore a bunch of very important security measures to actually lose his coins. they had to go to a malicious website which was not the official website they had downloaded Electrum before, then they had to install a software while ignoring the importance of checking digital signatures. and to top it off they had to be holding their coins in an online wallet instead of cold storage.

when it comes to wallets the security is not always about how safe the wallet itself is, but it is about how safe and cautious the user is. by simply checking digital signatures and using cold storage more than 90% of the loss cases (in general not just with Electrum) would have been eliminated.

I will not sync a full Bitcoin chain on my hard drive, that is why I prefer Electrum.

If you use electrum then it will not occur any problem until you open any phishing link. If you open any phishing link then you may loss all of your funds.

Electrum is a fantastic wallet for those that do not want to sync nearly 200GB of Bitcoin blockchain.