Bitcoin Forum

news from heise:

https://m.heise.de/security/meldung/Bitcoin-und-Litecoin-Klau-bei-Electrum-Electron-Cash-und-Electrum-LTC-moeglich-3936813.html

all my Bitcoins are lost  :-[

are you just sharing a news link or did you actually lose bitcoin? and by the way the site is just addressing the same issue as the sticky warning on top of bitcointalk: https://bitcointalk.org/index.php?topic=2702103.0 about the JSONRPC from versions 2.6 till new releases that fixed it.

in case you actually lost bitcoin, would you mind telling us why you think this is the reason you lost bitcoin and not the fact that you didn't have password set on your wallet? because it may as well have been a simple malware that stole the file itself. something like a keylogger but a little advanced.

It seems to me you are download fake Electrum wallet and you you could not download version 3.0.5 on Friday 5.1.2018,it was not out yet.There is many fake sites which use Google add to be displayed at the top of search results,only legitimate site for download Electrum is : https://electrum.org/#home

Second thing which indicates that you have fake wallet is fee hacker use to send your BTC to his address-he want to get this transaction confirmed very quick so he use 725.947 sat/B which is even more then highest recommended fee.

You are not only one who lost BTC in this way,but I leave the possibility that something else might have happened-although it is unlikely that it is.

It certainly wasn't Electrum v3.0.5 that caused this. That transaction was sent AND confirmed before Electrum v3.0.5 had even been released.

Chances are that your old Electrum wallet was compromised in some way (malware on PC, keylogger getting seed, fake Electrum stealing keys). If, as you claim, you had a password on your wallet, then you were NOT a victim of any theft caused by the recently discovered vulnerability.

That security flaw would only show seeds/private keys if you had NO password on your wallet file AND you happened to visit a website that was running the malicious code... while your Electrum wallet was open.

Can't really blame Electrum for it when the wallet itself are trusted by the community.
Either you have malware on your PC or you've downloaded fake electrum.
Try to check the hash of .exe that you've downloaded and see whether it matches the real hash or not.

Either way, I understand if you don't want to use electrum anymore, try to go with hardware wallet next time :)

Bad news..
Where you download new version? Check history and log, please post link here..
Was been you browser active at this moment?

Then this bug is not the cause of the theft. You must have downloaded a dodgy copy of electrum or got infected with malware some other way.  Please check your browser history to find out where you downloaded electrum from.

since your wallet was protected with a password, it is unlikely that this theft is related to the vulnerability exposed last week.


you should definitely explain what you mean by that.
did 3.0.3 display a history where the theft transaction is missing?

is version 3.0.3 still installed on your machine?
if yes, please check the sha256 of the file you downloaded.

also, better stop using that computer and have it investigated by a security expert.

Well there are two options:
1. Your password was very very weak
2. This theft is not related to the vulnerability in electrum

The exploitation of the vulnerability needs an website to actively exploit this vulnerability.
It doesn't 'just happen' when browsing youtube.

Did you verify the signature of your downloaded file?
You can find all relevant data on electrum's site (https://electrum.org/#download (https://electrum.org/#download))



How can you be that sure that its not possible for your pc to be compromised?
Just because you have an AV and windows says 'firewall' in the bottom right corner, that doesn't mean you are safe at all.
Did you check your system? What AV's did you use to check your pc ?
Did you have a digital backup of your seed?

For the record: I am the Electrum developer who answered this user's emails, and we only checked his 3.0.5 download, because he claims to have deleted 3.0.3

when i was trying to download new version 3.0.5 from my old electrum wallet i clicked  the help button and the link  is www.electrum.org because i though i clicked from my old electrum i don't mind although i read from theymos this is the link,electrum.org.i tried to download the 3.0.5 version for windows but  it's just not working at all.and then i download again from electrum.org still not working for my windows so my solution is using   Standalone Executable download and i can open eletrum wallet but this is not install in my computer.from there i  transfer all my fund to other exchange.lucky everything went smooth.
they said =Note: Some old versions of Windows might need to install the KB2999226 Windows update.
i don't want to install something that i don't understand including this KB2999226.lucky i do what what i think the best solution for me.

what is there to understand? it is a Windows update released by Microsoft the same company that released the Windows you are already using! and you download it through Microsoft itself.
it is an update for Universal C Runtime (CRT) in Windows. if you are curious about the details read the kb article from Microsoft official website:
https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows

Let me say first that I feel for your loss, and my advice to you is to get your bitcoins off of computers and onto either hardware wallet like Trezor or paper wallets.

It may interest you, I have just now been writing a fictional scenario where an intruder activates the camera on her target's PC, and simply reads the password the target enters and then reads the numbers on the 2FA authentication device.  The intruder types the 2FA in quicker than he does, and locks him out.

Yes I made that up. It's fiction. Now I've publicly stated it, so maybe tomorrow the bad guy tries it out.

Do we know all the routes a bad guy might take? Nope, you cannot.

In all of this, I think the bone of contention is one should be careful of where to download the wallet as even the vulnerability scare makes amateurs hackers carry out their activities because they know everyone who has an Electrum wallet will be in a haste to upgrade and not even bother to verify the site in which the download is to be made. Some other people because of the pressure and the amount involved just typed in Google in other to upgrade ASAP only to discover that it was at the point of trying to become more secure that they become way more vulnerable. The onus is on us to exercise much more patience even in the face of unending pressure.

You must have downloaded a fake electrum wallet because last time I checked there is no updates regarding the electrum wallet you are stating. Also, you may try cleaning up your PC and it installed by a strong anti-virus to avoid getting accessed with these kinds of malicious sites, maybe your relying on free anti-virus which is very much weak and cannot be considered as mere protection against these type of attacks.

I guess they download wrong electrum wallet, because if they download the original wallet they cannot experience problem. I also used electrum wallet and the problem I can see in this wallet is charges or payment is very high compared with the other wallet. Because when I withdraw my amount stored in this wallet almost half of my bitcoin will be used for payment.

i have this problem too.
i have install electrum 3.0.3 at 26.01.2018
after 2 days i have see a output transaction and all my bitcoin lost.
don't use electrum! shit!

From where you downloaded? Did you checked the PGP signature?

from official site and not 3.0.3 version but 3.0.5

There are several ways you have lost your BTC,and the one that is most likely is that you download Electrum from fake site.At that time there is many fake Electrum sites shown at the top of search results and if you not careful and check site you got fake Electrum.The only legitimate site for download Electrum BTC is https://electrum.org/#home

Other way is that you have some RAT(remove access trojan) on your device,so hacker is get your private keys/seed.Electrum is completely safe if it is download from official site and if user device is clean from virus/malware.

Version 3.0.5 didn't contain any vulnerability.
The most probable scenario is that your pc got infected by malware which led to a theft of your coins.
Did you check the signature? Or at least comparing the hashes? This could exclude a malicious version of electrum.
Was your wallet password protected?

You should definetely run some anti virus checks.

It's really hard to say what happened but very sorry to the OP that it did.  Could it be that the electrum site was hacked or the more likely possibility others mentioned that the poor OP visited a very good looking scam site?
It's time to make it easy to secure cryptocurrencies such as wallets or settings in the blockchain that require multisignatories on certain amounts in total per transaction and in a monthly period.  Even e-mail confirmation from one or two signatories would increase security and prevent these kinds of thefts.

the possibility of this is extremely small because if electrum.org was actually hacked then we would have heard about it already!

i disagree. we do not need either of these. we need people to learn more before they jump on board. and the basics are simple. and by the way in case you download a wrong wallet from a malicious website multisignature is still not going to save you because the wallet is still using the attacker's seed and he still is going to have access to your funds.
and restricting the amounts per transaction and things like that is simply not possible because bitcoin needs to stay permission-less.

i feel sorry for people who think antivirus keeps people safe, antivirus in many cases is a virus

Why is it that people come here, saying "Electrum is scam, bitcoins stolen" and yet they never give the full story.

It would really help if they posted where they downloaded it, the hash of the executable file, if they kept it on an online PC or offline.

We would investigate and help them out. But they usually never come back to comment.

Generally... if they're smart enough to be able to work out what the hash of the executable file is... or even know what a "hash" is, they'll be smart enough to know how to find the official Electrum website and not be fooled by the scam sites in the first place.

Also, the people who generally fall for the scam versions of Electrum etc, don't really know that this information is helpful for people trying to help them out... they only know they've lost their coins and are obviously angry and upset and just want to vent.

I would not be surprised if the general sequence of events is:

1. "Newbie" user claims Electrum is a scam and stole their BTC
2. Helpful users here ask the usual "where did you download it from? what version was it? did you run malware/virus scans?" questions
3. Victim goes off to find the information requested and discovers they've downloaded a scam version from a scam site
4. Victim is too embarrassed to come back and admit what has happened and disappears into the Ether

those who don't come back usually have made a silly mistake. for example many don't let their wallet sync so they don't see their funds, then they think they have been robbed. when it is fixed they forget about everything and go away.
but it is also possible that they got if fixed elsewhere. there are other forums like reddit[1], there is Github[2], there is also an IRC channel[3] for Electrum. and when you fix it somewhere else you don't just go back to a random forum you visited once (bitcointalk) and update a topic you made with a throwaway account!
of course there is always an occasional troll too!

[1] https://www.reddit.com/r/Electrum/
[2] https://github.com/spesmilo/electrum/issues
[3] irc://irc.freenode.net/electrum