Bitcoin Forum

Bitcoin => Electrum => Topic started by: Dractox on June 02, 2019, 02:23:52 PM



Title: Electrum Bug
Post by: Dractox on June 02, 2019, 02:23:52 PM
Hello,

I have used Electrum previously a while ago and have just tried to use it again and it had to upgrade to the latest version.

I've done this.

I have then tried to purchase something.

I have copied the recipients address, put it in and then inputted the amount to send double checked these and then click send.

Then Electrum has automatically changed the address ID and inputted all the mbtc in my account and sent it to this invalid address.

Please can someone help recover this or is it all gone?

Thank you,


Title: Re: Electrum Bug
Post by: gentlemand on June 02, 2019, 02:26:26 PM
It's likely to be all gone I'm afraid.

https://thenextweb.com/hardfork/2019/04/16/behind-the-scenes-electrum-hackers-steal-4m-with-bitcoin-phishing-attacks/

Hackers have been tricking users into downloading compromised versions of Electrum through that upgrade message.


Title: Re: Electrum Bug
Post by: Dractox on June 02, 2019, 02:31:45 PM
It's likely to be all gone I'm afraid.

https://thenextweb.com/hardfork/2019/04/16/behind-the-scenes-electrum-hackers-steal-4m-with-bitcoin-phishing-attacks/

Hackers have been tricking users into downloading compromised versions of Electrum through that upgrade message.



Thank you for this information.

Is there a better wallet I can use for future?

Thank you,


Title: Re: Electrum Bug
Post by: gentlemand on June 02, 2019, 02:37:43 PM
What platform do you use? If it's a PC I would start off by not using a PC. Hardware wallets are the most secure if you transact regularly. For smaller amounts a phone wallet will still much more secure than anything on a PC. I use Mycelium on a phone.


Title: Re: Electrum Bug
Post by: bones261 on June 02, 2019, 02:43:01 PM
Thank you for this information.

Is there a better wallet I can use for future?

Thank you,


     You may continue to use Electrum; however, only download updates from this site: https://electrum.org. Also, learn how to verify PGP signatures.
Also, you can consider your device in now compromised. You may need to wipe and reinstall your OS before using it again. Also, consider getting a hardware wallet like Leger or Trezor. If you have this type of malware, the malware would have to request the Hardware wallet redo the signature, and you will be prompted again to approve or disapprove. If you are paying attention and disapprove, the malware won't succeed.


Title: Re: Electrum Bug
Post by: Dractox on June 02, 2019, 02:48:43 PM
Okay.

I have been using PC but after this I am going to switch to my phone instead and try out mycelium.

Thank you,


Title: Re: Electrum Bug
Post by: TryNinja on June 02, 2019, 03:01:05 PM
You may continue to use Electrum; however, only download updates from this site: https://electrum.org. Also, learn how to verify PGP signatures.
Complementing bone261's post: if you're going to keep using Electrum on your PC, learn how to verify the file signatures. This way, you can be sure that what you're downloading is legit (regardless of the message you received, or link you followed).

Here is a quick guide about it: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/


Title: Re: Electrum Bug
Post by: Dractox on June 02, 2019, 03:05:12 PM
You may continue to use Electrum; however, only download updates from this site: https://electrum.org. Also, learn how to verify PGP signatures.
Complementing bone261's post: if you're going to keep using Electrum on your PC, learn how to verify the file signatures. This way, you can be sure that what you're downloading is legit (regardless of the message you received, or link you followed).

Here is a quick guide about it: https://bitcoinelectrum.com/how-to-verify-your-electrum-download/


I wish i'd known this sooner but I'm going to try out this one on my phone from now on.

Thank you for your Help


Title: Re: Electrum Bug
Post by: bL4nkcode on June 02, 2019, 03:44:27 PM
I wish i'd known this sooner but I'm going to try out this one on my phone from now on.

Thank you for your Help
Just always remember that you have to download the official app from its main source or website to avoid phishing apps,  make sure your phone is malware free in the very first place.


Title: Re: Electrum Bug
Post by: o_e_l_e_o on June 02, 2019, 07:19:19 PM
Also, consider getting a hardware wallet like Leger or Trezor. If you have this type of malware, the malware would have to request the Hardware wallet redo the signature, and you will be prompted again to approve or disapprove. If you are paying attention and disapprove, the malware won't succeed.
This is the best advice. Google and Apple mobile stores are absolutely teeming with fake and scam wallets, filled with fake 5 star reviews, often with similar or identical names and images to established wallets, hoping that you will download them so they can again steal all your coins. The best option is to buy an established hardware wallet (Ledger or Trezor) direct from the vendor. Even if you are using fake or scam software in conjunction with your hardware wallet, you are still protected as you need to manually approve every transaction on the hardware wallet, and this cannot be faked.


Title: Re: Electrum Bug
Post by: pooya87 on June 03, 2019, 03:08:57 AM
Is there a better wallet I can use for future?

you should know that it really doesn't matter what type of wallet you choose IF you are not using them correctly or taking the necessary security precautions to protect yourself. phone wallets, PC wallets, hardware wallets, even paper wallets are unsafe if you are careless with them. of course some are safer by design but there is no 100% safe wallet. for instance if you have a clipboard hijacker you still may send coins to a wrong address (that the hijacker sets when you copy addresses) even if you use a hardware wallet.


Title: Re: Electrum Bug
Post by: o_e_l_e_o on June 03, 2019, 05:00:22 AM
for instance if you have a clipboard hijacker you still may send coins to a wrong address (that the hijacker sets when you copy addresses) even if you use a hardware wallet.
This is true, but the risk of this attack being successful is significantly smaller on a hardware wallet than it is on a software wallet, as you have to check the transaction address on the hardware wallet before you can sign the transaction. Essentially, an attack like this can only be successful on a hardware wallet if you aren't paying attention and following the proper steps.


Title: Re: Electrum Bug
Post by: bob123 on June 03, 2019, 08:49:09 AM
I have been using PC but after this I am going to switch to my phone instead and try out mycelium.

You are not much more secured on a mobile.

If you don't change your habits regarding electronic devices, you are prone to lose your coins again.

It doesn't matter which wallet you are using, just make sure to not download fake scam wallets and to not download any shady stuff onto your device.
Make sure to always have your software / OS up-to-date and you are relatively safe.


If you want to be more than just relatively safe, get a hardware wallet or get a dedicated (offline-)device to store your coins.


Title: Re: Electrum Bug
Post by: NeuroticFish on June 03, 2019, 03:19:34 PM
You are not much more secured on a mobile.

Yup, imho a mobile device is even less secure than a (Windows) PC.
OP, if you handle meaningful amount of money through Bitcoin I advise you buy a hardware wallet. They are not so expensive nowadays (under 75$).
(And if you want to also hold, make safely some paper wallets for that.)