Bitcoin Forum

Bitcoin => Electrum => Topic started by: bL4nkcode on April 10, 2019, 07:44:51 PM



Title: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: bL4nkcode on April 10, 2019, 07:44:51 PM
Over 25k IP addresses are involved in DDoS against Electrum servers. They can be blacklisted by server operators, following these instructions: http://hodlister.co/electrum-client-blacklist

https://twitter.com/ElectrumWallet/status/1116063328927985664



As of Fri Apr 12 15:37:01 CEST 2019 it's already 42660 entries blocked.


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: anu1908 on April 12, 2019, 03:26:58 AM
It's now more than 30k IP addresses. Either the perpetrator uses dynamic IPs or they have a large number of bots to attack Electrum. I still don't understand the motive behind this attack: are they trying to make Electrum look bad, or are they trying to make users use their malicious server?


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: pooya87 on April 12, 2019, 04:12:24 AM
Quote from: anu1908
> I still don't understand the motive behind this attack,

The motivation is "money"!
And since the attackers have already succeeded in fooling lots of people into downloading their malicious wallet and earned a lot of profit from it, they will continue their attack, since they have both the money to cover the costs of the attack and the incentive to do it.
Here is an example of a victim losing ~$450: https://github.com/spesmilo/electrum/issues/5262


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: Baofeng on April 12, 2019, 08:46:19 AM
Quote from: anu1908
> It's now more than 30k IP addresses. Either the perpetrator uses dynamic IPs or they have a large number of bots to attack Electrum. I still don't understand the motive behind this attack: are they trying to make Electrum look bad, or are they trying to make users use their malicious server?

I'm assuming it will be the latter. Those bots are coming from everywhere, so it's a coordinated attack. Obviously this attack has just one intention: to steal money from unsuspecting victims. They will continue to do so until such time that they get tired and go on to the next option again. They don't care about Electrum looking bad; as long as they can get what they want, they are going to attack whoever or whatever service it is.


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: Lucius on April 12, 2019, 10:09:27 AM
Quote from: pooya87
> The motivation is "money"!
> And since the attackers have already succeeded in fooling lots of people into downloading their malicious wallet and earned a lot of profit from it, they will continue their attack, since they have both the money to cover the costs of the attack and the incentive to do it.
> Here is an example of a victim losing ~$450: https://github.com/spesmilo/electrum/issues/5262

Money is in most cases the greatest motivation to do something bad, in this case to attack Electrum servers. But such an attack can only cause problems with sync, that is, preventing users from sending / receiving transactions. The fact that Electrum users are still losing funds is not because of the DDoS attack; they are using versions of Electrum which are exposed to the phishing message. Users from GitHub used the version 3.2.2&3.2.2.

This list of attacking IPs should help, but each server owner must use it, and I see it can be set to update with new bad IPs every few minutes. This will make attacks less effective and ultimately result in stopping attacks.
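
One way a server operator could turn such a frequently refreshed list into a firewall set, as an added example that is not from the thread or from the linked instructions. The feed format, the set name electrum-ddos, the sample addresses and the never-block list are all assumptions; the output is meant for `ipset restore`.

```python
import ipaddress

# Constructed sample feed (documentation ranges). The page does not show the
# list format; one IPv4 address or CIDR per line with '#' comments is assumed.
SAMPLE_FEED = """\
# constructed sample
198.51.100.7
198.51.100.6
203.0.113.0/25
203.0.113.128/25
0.0.0.0/0
10.0.0.5
192.0.2.10
not-an-ip
198.51.100.7
"""
# Networks that must never be blocked: RFC 1918, loopback, and a constructed
# management address standing in for the operator's own.
NEVER_BLOCK = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "192.0.2.10/32"]

def build_ipset_restore(feed, never_block=NEVER_BLOCK,
                        set_name="electrum-ddos", min_prefix=16, maxelem=262144):
    """Return (script for `ipset restore`, list of (entry, reason) rejected)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    nets, rejected = [], []
    for raw in feed.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((entry, "malformed"))
            continue
        if net.version != 4:
            rejected.append((entry, "not IPv4"))
        elif net.prefixlen < min_prefix:  # a bad feed must not block whole regions
            rejected.append((entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((entry, "protected"))
        else:
            nets.append(net)
    tmp = set_name + "-new"
    opts = f"hash:net family inet maxelem {maxelem} -exist"
    lines = [f"create {set_name} {opts}", f"create {tmp} {opts}", f"flush {tmp}"]
    # collapse_addresses de-duplicates and merges adjacent entries into CIDRs
    lines += [f"add {tmp} {n}" for n in ipaddress.collapse_addresses(nets)]
    # Fill a scratch set, then swap: the live set is never empty or half-loaded
    lines += [f"swap {tmp} {set_name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n", rejected
```

Feed the returned script to `ipset restore` and reference the set from a single `iptables -m set --match-set electrum-ddos src -j DROP` rule, so each refresh replaces the set contents without touching the rule.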


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: TryNinja on April 12, 2019, 10:17:49 AM
Quote from: Lucius
> Money is in most cases the greatest motivation to do something bad, in this case to attack Electrum servers. But such an attack can only cause problems with sync, that is, preventing users from sending / receiving transactions. The fact that Electrum users are still losing funds is not because of the DDoS attack; they are using versions of Electrum which are exposed to the phishing message. Users from GitHub used the version 3.2.2&3.2.2.
>
> This list of attacking IPs should help, but each server owner must use it, and I see it can be set to update with new bad IPs every few minutes. This will make attacks less effective and ultimately result in stopping attacks.

I assume they are attacking Electrum's servers so their malicious ones can be the only ones working. The user will try servers/close and reopen Electrum until one synchronizes (the bad one), which will give him the “please update” fake message. Obviously this only works in old versions, but the servers are the same, so we all can feel the attack.

This just increases the chances of an uninformed user getting phished.


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: Abdussamad on April 12, 2019, 11:32:38 AM
It's 140k addresses according to echevaria on IRC. He's a bitcoin expert. They can also rent more if they need to. Many hacker forums out there where you can rent botnets.

That issue linked above is interesting because the people affected were using 3.3.2. The DoS exploit in the client prevents < 3.3 from connecting but versions 3.3.0-3.3.2 can still connect to legit servers so their users don't see any immediate reason to upgrade to newer legit versions and they remain vulnerable. The DoS attack on legit servers increases the chances of these users connecting to a scammer's server.


Title: Re: Over 25k IP addresses are involved in DDoS against Electrum servers
Post by: bL4nkcode on April 12, 2019, 01:59:47 PM
Quote from: pooya87
> Quote from: anu1908
> > I still don't understand the motive behind this attack,
>
> The motivation is "money"!
> And since the attackers have already succeeded in fooling lots of people into downloading their malicious wallet and earned a lot of profit from it, they will continue their attack, since they have both the money to cover the costs of the attack and the incentive to do it.
> Here is an example of a victim losing ~$450: https://github.com/spesmilo/electrum/issues/5262

And another user just commented a few minutes ago about losing 500 EUR because of the phishing Electrum version 4.0.0.