Within ~5 months?  I would guess so, yes.
But this depends on the hardware the attacker is using and the efficiency.

I'd still believe that your file server has been somehow compromised.

The vulnerability allowed the server to show a message to the client.
It wasn't really an update function. It was a warning message saying that the current version is vulnerable and that an update should be performed (with an link to the fake version of electrum).




It would only show that there is an update available. You still would have to visit electrum.org to download and install it.

First, props for using the correct format. We don't see that often here.

Since your issue got already fixed, i'd like to express an opinion and recommendation: Don't use changelly or any other instant exchange.
If you really want to exchange crypto <-> crypto, just use an exchange.

If you don't want your BTC inputs being linked, you could just coinjoin them first (e.g. using wasabi wallet) and send them to your exchange afterwards.
This way, you'll already have anonymity to a certain degree.


There have been way too much scams happening with instant exchanges. Better play it safe, and use an proper exchange.

I do realize that the victims don't really care about how a specific score is rating that vulnerability.
But with BTC and the whole be your own bank around it, people also need to secure their funds themselves.


And we are not talking about being extremely techy.
It is enough to internalize "simple" things like 1) only downloading from the official website and 2) do not click on random links / do not download random stuff.

I believe that you don't have to be techy or be working in the IT field to actually do that.

But a lot of people still fall for simple scam mails (e.g. nigerian prince or whatever the current equivalent of that is).
And those people are not ready yet for keeping their money safe - all on their own.

BTC does not have a system yet which is that fool-proof. And i doubt we will ever get that far.
So people actually have to learn new things. They have to learn basic IT stuff like not clicking on every random link.

We can just hope that the victims learnt it this way. And that their loss wasn't too huge.

Then you are good to go 

You might still consider switching to an HD wallet (i.e. using a seed to generate all of your private keys) to make it easier for you to keep a non-digital backup (with an HD wallet for example the mnemonic code: 12/24 words).
With multiple private keys you need to be quite careful when writing them down (assuming you do have an non-digital backup; which you should).
That would be an improvement to your setup 

Because it is not plagiarism if they include the original source link.
They just use a translator to create a shitty version of the original topic, and include a reference to the original one.

"Such a security flaw" ?

The CVSS score of that vulnerability is somewhere between 2.5 and 3.5 out of 10 and therefore low severity.
It doesn't do anything else than just displaying a message.

If an user visits a fake github page with no source code and installs malware without verifying the signature, they are completely at fault.

It is almost like saying "I received an email in my mail client and clicked the link to install this program. The email client is at fault." That's not exactly the same since, but both is nonsense and comparable.

So?

If you are looking at BTC just as an investment to earn more money (FIAT), you do have the wrong intention in mind.
I don't care if the price skyrockets or not.

BTC will at least preserve your value, which can't be said about FIAT currencies. That's more than enough incentive to hold and use BTC.

I don't think a negative trust rating would be appropriate at all.


Using a translator to get merits just because your post quality is so low no one actually likes reading your posts, does not mean that trading with this person is high-risk.
IMO a neutral one definitely would be accurate, but a negative one seems to be a bit too harsh.

If you personally believe trading with people using an auto translator to gain merits is high-risk, this is more than enough explanation you need for a neg trust rating.

To me it seems that there are 2 likely scenarios:

1) Your mobile is compromised. This is quite unlikely because you said you have 2 wallet files stored there but only 1 got compromised.
Further your wallet was password protected and since you didn't open it for 5 months it is quite odd that it got emptied 1 month ago.

2) Your mnemonic code somehow got exposed. That's what i would guess. You stored your mnemonic on a file server. Is there a (any) route from your file server to the internet? If yes, then most likely your file server somehow got compromised.

Number 2) would be my guess. What kind of software is running on your file server, which version? How is it running inside of your network (old PC, etc..)? Do you have a firewall set up?

Not directly in terms of calculate the input out of the resulting hash.
But in this case you could just create a list of all addresses and their hash. Then lookup the hash in your table and you got the corresponding address.



Block explorer run a full node (e.g. bitcoin core) with txindex=1 and some custom software to query the needed data.
They most likely don't run an electrum server. There is no obvious reason to do so.

Wow. Didn't expect that to ever happen 



Don't forget the fact that it is closed source because it "makes it harder to create malicious phishing versions".
Oh and the "email backup" also is.. lets say not ideal. 

Unfortunately, yes.
If your funds have been transferred out of your wallet, you are out of luck.



Did this happen on your computer (windows?) or your mobile?
This address has been mentioned at least 2 times already where people lost their funds. Both times this was on a mobile phone.

The first thing would be to find out whether you have installed a malicious version of electrum or whether your PC is compromised.
Did you install it or did you use the standalone executable?

If you used the standalone executable or still have the installer, you could verify the PGP signature.
If it is the signed one, electrum is legit and your device has been compromised in a different way. If it is not, it was a malicious electrum clone.

The safest way to remove any malware is to create a backup of your important data and reinstall your OS.
If this has "only" been caused by the malicious electrum version, you might be fine by simply removing it from your system (again: installed / standalone?). No guarantee tho.

If you downloaded it from electrum.org, the probability that you installed malware is pretty low (not impossible tho).
The chances are higher that it wasn't electrum.org but a malicious website which does look exactly like the original one.

The other option would be that your machine already was compromised.

This vulnerability requires the wallet to be open and unencrypted while at the same time browsing on a malicious website.



This vulnerability only shows a fake message with a link to malware. It doesn't do anything else.


OP, your coins are gone.
You either 1) didn't install the original electrum, but malware. Did you verify the PGP signature? or 2) installed the original electrum but your machine is compromised because of malware you downloaded before/after installing electrum.

Supply chain attacks are a risk for both ledger and trezor HW wallets.

Even without the enabled JTAG interface, there is a risk of getting a compromised hardware wallet.
Inserting a hardware implant was possible all the time. And with such an implant, you'd be able to (for example) trigger the button press to confirm a transaction with radio waves. 

While the enabled JTAG interface poses some new concrete attacks, the supply chain has always been a possible (and not that realistic) attack vector.

Desshalb habe ich ja auch von einem trust rating geschrieben und nicht vom trusten/distrusten allgemein 




Ein (relativ neuer) User hat sich einen Guide aus dem englisch-sprachigen Teil geschnappt und ihn fehlerhaft (mithilfe eines Translators) übersetzt und hier im deutschen Teil gepostet.
Hatte also nichts mit Geld verdienen / Handeln zu tun. War nur dazu da, Merits zu erhalten.

IMO rechtfertigt das kein neg trust rating. Bin aber dennoch gespannt andere Meinungen und Begründungen (wie z.B. die von Souri) zu hören.

Well, not entirely.

Core is a full node and connects to other nodes in the P2P network.
Electrum is a lightweight client and connects to a server which is a full node and is connected to other nodes.

With core, you are directly participating in the P2P bitcoin network. With electrum, you don't.

Da mole0815 gerade fleißig am Threads löschen ist, kommt man garnicht mehr hinterher zu antworten.

Als Antwort auf den letzten Thread von 1miau (welcher gelöscht wurde?) welcher sich auf den davor von mole0815 gelöschten Thread bzgl. haveibeenpwned bezog:


Den Vorschlag/Gedanken bzw. die Meinung bei häufigerem Translator spam, ein negatives Trust rating zu hinterlassen, teile ich garnicht.

Das Trust rating sollte alleine darauf bezogen sein ob man selber glaubt ob ein User einen anderen betrügen würde oder nicht.
Siehe Trust Seite:


Das benutzen von Translatorn um Merits abzustauben gehört, meiner Meinung nach, eindeutig nicht dazu.

Vielleicht habe ich 1miau aber auch falsch verstanden. Konnte den Post nur ein mal lesen. Danach war er weg.


Vielleicht möchte 1miau seine Ansicht hier nochmal ausführlicher darstellen?
Andere Meinungen dazu? Wer wäre denn pro "negative trust für translator spam"?

Alright, let me rephrase it then:


Core uses HD wallets since version 0.13 released 17.10.2015
If you created your wallet at some point after this date, you use a HD wallet (visible in the bottom right corner: HD) and don't have to backup your wallet regularly.
Backing it up once is enough in this case.


@mocacinno, happy now?