-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I am Thomas Voegtlin, main developer of the Electrum Bitcoin wallet.
On Dec. 6th, 2014, my GMX email account has been compromised and its password was reset. Using access to my GMX account, the attacker could obtain a password reset of my @ElectrumWallet Twitter account, and posted racist messages on it. I have since then regained control of my GMX email account, and I hope that the Twitter situation will get resolved soon.
The Electrum website, SSL certificate, Github account, were not affected by the attack, and the source code of Electrum was not modified.
At this point it is not known how my GMX account was compromised, so I will consider that email address as permanently compromised, even if I have regained access to the account. I will post more information once the situation is fully resolved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBAgAGBQJUiBwuAAoJECvVgkt/lHDmbDMP+gNHQUvlQPGEAlsgf4xToPQ0 +/aGRrj2DiKNT32EwcyZOqKjdrYUgSNXHAfDEFHgZDgEXTReIZS/FxVNdZXT/g+H kJvb3mpso4hhk/OXOOtDEINkAw/VAu8Sw70+v+VwCbOE5ZfrNpQXFkjoAb706dvk aO1OgzICRISniVHWkZ9E4RmC/L+Y14bicE+7KOh2vmFX2vHJ0WI/7QLRrvvrwkl8 3OnGUS4bnBOGX/DHCT3EmW8GS8CNJrWwfrOgkl/yHY4gpeW7VMsc3p0Uaow96ne8 ZeyH4UOdZiBOHRvGPnh2SmhThHtM4TLDJ3f+v8p3mx8tjH7EGGRKWp9M0knFySWr iBYSjjgO0nSMctyfyNOxyuYMuMoQfsUpD0C2SO9SuW8VVaPWh/ovocJp5OFpNHuf rR1DlfAKgMMSvxb4NHTUs4vJlhOzCakuNqjnuqU6F1glP33ALe3lkd7QmDg/Dirg ndsscaTM+LTVR4ZWV0+Bsi+tpSigYW5+etGBfWNkfUprvHDHQIHTOu3xGMXRmCYL R1Q84lYBCasBVFo9nrc0sa7XH/mtlZqzEJrfWk7fd8XlV2wk4JmUBuTd7C0F4eq8 0IIAOwD+662blWJ8vet+EMvCQHpsSubS0159fJ+LwebSQU7HVRHJhgKHirtA7Kdz I0RoVkmUflBvv4Ng/2Lt =fPjo -----END PGP SIGNATURE-----
|
|
|
thanks for the help on how to build binaries. Note: if you test the current version, please be aware that the current wallet format might not be compatible with the final 2.0 release.
|
|
|
obviously it's taking much more time than I initially planned; sorry about that.
|
|
|
Electrum uses a 3rd party server, which if you connect to a cancer server, then you can be fooled to think you have bitcoins you really may not.
This is wrong. Electrum verifies all transactions in its history using SPV.
|
|
|
ich werde heute dabei sein.
|
|
|
you can also create a watching only wallet with the gui and your master public key
|
|
|
I merged it because it works.. however, that plugin still needs to be polished and tested.
I just downloaded 2.0 from git on a Linux Mint 17, and there is no option for Trezor under "plugins", although there appears to be a trezor.py file in the plugins folder... it just isn't showing in the GUI. Is there something I have to do to "import" the Trezor plugin or something? you have to create a new wallet
|
|
|
I merged it because it works.. however, that plugin still needs to be polished and tested.
|
|
|
Give Thomas few days, it is completely new version of the server I will install it soon and I might be able to improve the docs. I got it running with some minor hacks. I didn't see any tags in the repo. Release tags might be a good idea so if something doesn't work I can just go back to the last tag. EDIT: Actually, no I didn't get it running. It's choking on a futex. I fixed setup.py yesterday.. let me know
|
|
|
I see no reason why the "hacker" would not take the last 8 BTC from the OP.
Looking at the wallet: Most of the coins were sent to 1BA8FTYVxVnebhxQGzxJWy4Y4QKwsVKEko, in 7 transactions. I guess the reason why we see 7 transactions instead of just one, is that the coins in the wallet were highly fragmented: each of these transactions has dozens of inputs. However, these transactions paid only 0.1mBTC in fees. I consider it likely that an 8th transaction was attempted with the rest of the coins, but failed to be propagated due to insufficient fees. If that is the case, the final withdrawal (15d291dd8e705298499e37026b8574042eb3b0bccc0046878500af0b19c319fb, probably made by the legitimate owner) double spent the thief withdrawal. (that withdrawal paid 0.4mBTC in fees) Lessons learnt: - never email your seed to yourself. (write it on paper) - pay the suggested transaction fees, if you are in a hurry to have your transactions confirmed.
|
|
|
and my seed was saved in my email 1. what do you mean by that? 2. move all the remaining coins away from this wallet. 3. it does not make sense to steal part of the coins and to leave 8 btc in the wallet. if you publish the master public key, we might be able to see what really happened.
|
|
|
I'm running the most recent electrum server from GIT. The logfile seems to be missing blocks, is the following normal? [25/07/2014-20:48:22] blockchain: 312457 (82.964s) [25/07/2014-20:58:35] blockchain: 312458 (194.778s) [25/07/2014-21:02:21] blockchain: 312460 (128.478s) [25/07/2014-21:10:27] blockchain: 312462 (250.398s) [25/07/2014-21:16:38] blockchain: 312463 (166.109s) [25/07/2014-21:22:49] blockchain: 312464 (212.260s) [25/07/2014-21:51:48] blockchain: 312466 (670.598s) [25/07/2014-21:56:06] blockchain: 312468 (168.989s) [25/07/2014-22:04:08] blockchain: 312469 (166.773s)
Why do I not get a log message for every block? if several blocks are available, it processes them together, before it prints a log line. I agree that it can be confusing, it should probably print a message on each block
|
|
|
However, this does not solve the compatibility issue: The real problem is wallet structure, and there is no agreement on that between wallets developers.
What are your thoughts on BIP-0044? Do you think that a standardization of HD wallets in this fashion will be a good way of structuring? https://github.com/bitcoin/bips/blob/master/bip-0044.mediawikiyes, I am considering using it. However, I think that it will not be compatible with Multibit, which will not support multiple accounts afaik. Also, it is probably a bit incomplete: * it does not say anything about multisig wallets. * it does not say if the same gap limit applies to change addresses. * it does not make any recommendation about waiting for confirmations before generating new addresses.
|
|
|
Thank you for your support. I usually do not request donations for myself, because I do not think it is an effective way to incentivise free software. Developers who request bounties tend to finish projects quickly, and do not really care about long-term maintenance.
However, you you can donate to the people who run public Electrum servers. Electrum does relies on servers, and we currently lack an effective way to reward the server operators.
Also note that I created a company that will distribute Electrum, sell paying services to Electrum users, and fund further development of the Electrum software.
|
|
|
My contribution to bip39 was to make it independent from the dictionnary used. That means you can use whichever word list you want with bip39, even a chinese wordlist not supported by your bitcoin client.
However, this does not solve the compatibility issue: The real problem is wallet structure, and there is no agreement on that between wallets developers.
Thus, it will not be possible to import Electrum seeds in other wallets, but this has absolutely nothing to do with the wordlist.
|
|
|
Repeat for each imported key you want to empty.
no need to do several transactions. you can select multiple addesses and send from all of them.
|
|
|
congratulations! looking forward to see it live
|
|
|
the utxo root hash will be used by the client to check proofs of completeness sent by the server. this is not enabled now.
|
|
|
Ah , ok...so they already got this covered.
How do you suggest I contribute to the electrum project?
if you are a programmer, use and test the git head version. you will see which features are already developed, and you will be able to submit changes and fixes.
|
|
|
in a terminal it is if you use the python console, you need to comply with the python syntax: getrawtransaction("txid") (with quotes) In the gui you can also use the menu: Tools -> Load Transaction -> From the blockchain
|
|
|
|