first of all, Electrum is AGAIN, under attack. As what they said the last time, the pishing wont happen again. and it does. As of now, yes mine is being attacked/pished by someone. BUT due that i always ignore all notifications that said to update from here
https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!) so my funds are not stolen BUT froze in this wallet.
1. Receive this notification said to update the wallet how many times today.
https://prnt.sc/mfkul1 so i cant even send any transactions out of the wallet right now.
2. Kept calmed, i deleted that wallet, and download an updated one FROM
https://electrum.org/#download and after updating the wallet still can't sent my funds out
https://prnt.sc/mfky6f .
PS: I have expirience this kind of attack before as i created a topic for it
https://bitcointalk.org/index.php?topic=5089945.msg48903952#msg48903952 . And yet, still using it. Becausei believe that Electrum wallet is the most secured bitcoin wallet. Please in also behalf of all users who expirienced this, help us know what's happening. What to do and how to do avoid it.
Calling all developers from Electrum, please response below how to fix this and why this is happening.
Thanks.
Hi, I work for Electrum Technologies GmbH. We are aware of the attack, and to mitigate it, we have done a number of things:
1. there is a new version of ElectrumX that makes it harder to start malicious servers and have them relayed. The new ElectrumX will warn users that have an old version of Electrum that shows error messages as rich text, which makes the phishing attack so convincing.
2. as previously mentioned, there are new versions of Electrum (v3.3.2, which disallows rich text in error messages, and v3.3.3 which has a Bitcoin Core error whitelist). To get the newest version of Electrum, always use electrum.org, never any other domain. There are new phishing attempts from all kinds of lookalike URLs every month. Never get Electrum from anything but electrum.org.
3. since so many users were on old versions, we have started our own ElectrumX servers that notify outdated users to update, but using the genuine URL (electrum.org). We are aware that this might be confusing for users, as it legitimizes this way of spreading update notifications, which we never meant to include in the first place. But since the attack has started, and this will potentially prevent users from getting scammed, we decided to do it.
If you didn't update Electrum from malicious sources, your coins are safe and you don't have to worry. If you suspect that you might have installed malicious software, take your computer offline immediately and follow typical procedures to restore from seed on a trusted machine.
Show Posts
