Bitcoin Forum
Topic: **** WARNING **** Fake Electrum binaries in the wild at electrum-wallet.com
GiGa#
August 03, 2017, 04:28:13 AM
 #1

Like in 2015, someone just cloned the electrum.org website into electrum-wallet.com and distributes bad binaries.  

So far I found a few changes in their version of the installwizard.py file

Someone this morning got robbed with 45 Bitcoins from this trojan - ouch!!!   https://bitcointalk.org/index.php?topic=2059967.msg20555125#msg20555125
OmegaStarScream
August 03, 2017, 03:21:30 PM
 #2

Googling for Electrum wallet or simply Electrum should give you the original legit site. I'm really curious to know how people fall for this, honestly, and how they even find these sites. What makes things even weirder is the software version: the original is 2.9.1 while the one on that site is 2.7.12, so not to be rude or anything, but people should really use their brains sometimes.

kolloh
August 03, 2017, 06:33:27 PM
 #3

It looks like they also provide a fake signature for verifying the binaries as it differs from the one on the legit site.

You definitely need to be careful and do more research before simply downloading a wallet from a random site. Hopefully this fake site can get taken offline quickly so that no others are fooled.
Coin-Keeper
August 03, 2017, 10:48:24 PM
 #4

It's just so easy to verify GPG signatures and we have a script already made for the purpose in this forum.  Still, this is another reason why I love my Trezors.

Coin-Keeper
August 05, 2017, 09:06:00 PM
 #5

Gi-Ga# - OP,

Thanks for taking the time to post this thread as a warning.  I fear that by the time someone comes here to find out what happened it will be too late.  Still, thanks for trying.

jhenfelipe
August 06, 2017, 12:47:03 AM
 #6

That's why I'd rather type the URL myself (if you know it) than google it. Also, it is recommended to have an antivirus with web protection that will surely detect a malicious website (I have Malwarebytes here on my end). Let's be extra careful and responsible for all our actions.

Coin-Keeper
August 06, 2017, 09:17:21 PM
 #7

True, but nothing holds a candle to a full GPG verification of Thomas' signature, which he places on every official release.

kolloh
August 06, 2017, 09:38:32 PM
 #8

> True, but nothing holds a candle to a full GPG verification of Thomas' signature, which he places on every official release.

Yeah, but that doesn't help people if they aren't on the right website or don't have ThomasV's signature since the fake websites also publish fake GPG signatures.
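
An added example, not part of any post in this thread and not Electrum's own tooling: a Python check for the point this exchange turns on, where a signature that gpg reports as good only counts if its key fingerprint equals one pinned in advance. `PINNED_FPR` is a placeholder (the thread gives no key fingerprint), the function names are this example's own, and the status lines are constructed samples in GnuPG's `--status-fd` format.

```python
import subprocess

# Assumption: placeholder only. The thread gives no signer key fingerprint;
# obtain the real 40-hex value out-of-band, never from the download site.
PINNED_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
VERDICTS = {"GOODSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "BADSIG", "ERRSIG"}

def good_signers(status_text):
    """Primary-key fingerprints of signatures gpg reported as GOODSIG then VALIDSIG."""
    signers, verdict = set(), None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue                            # human-readable text proves nothing
        keyword, args = fields[1], fields[2:]
        if keyword == "NEWSIG":
            verdict = None                      # a new signature block starts
        elif keyword in VERDICTS:
            verdict = keyword                   # gpg's verdict for this signature
        elif keyword == "VALIDSIG" and verdict == "GOODSIG" and args:
            # Field 10 is the primary key; older gpg prints only the signing key.
            signers.add((args[9] if len(args) >= 10 else args[0]).upper())
            verdict = None
    return signers

def is_pinned_release(status_text, pinned=PINNED_FPR):
    """True only if a good signature was made by the pinned key."""
    return pinned.replace(" ", "").upper() in good_signers(status_text)

def verify_download(sig_path, file_path, pinned=PINNED_FPR):
    """Run gpg on a detached signature and apply the pin to its status output."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return is_pinned_release(proc.stdout, pinned)

# Constructed gpg status output for one good signature made by key `fpr`.
TAIL = " 2017-08-03 1501732800 0 4 0 1 8 00 "
def sample_status(fpr):
    return ("[GNUPG:] NEWSIG\n"
            "[GNUPG:] GOODSIG " + fpr[-16:] + " Constructed Signer\n"
            "[GNUPG:] VALIDSIG " + fpr + TAIL + fpr + "\n")

if __name__ == "__main__":
    print(is_pinned_release(sample_status(PINNED_FPR)))  # signed by the pinned key
    print(is_pinned_release(sample_status("F" * 40)))    # valid signature, wrong key
```

A signature file published next to a tampered binary verifies cleanly against whatever key its publisher supplies, so the second call is the case that matters: gpg says the signature is good and the pin still rejects it.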
Coin-Keeper
August 06, 2017, 10:12:55 PM
 #9

>> True, but nothing holds a candle to a full GPG verification of Thomas' signature, which he places on every official release.

> Yeah, but that doesn't help people if they aren't on the right website or don't have ThomasV's signature since the fake websites also publish fake GPG signatures.

If THEY don't have Thomas' GPG public key on their keyring they are not verifying anything!  Any fake signatures are beyond worthless if compared with Thomas' actual fingerprint verified key.  This is basic stuff.

Another sub standard to GPG solution would be to verify Electrum's site certificate number in the url before downloading any files.  In the case of electrum dot org the correct and ONLY actual fingerprint would reflect the following sha256:  D0:9E:C1:85:9C:CF:85:4A:42:C1:48:38:8D:33:43:0C:4F:23:77:A3:BB:F3:DE:92:51:9F:0E:6F:E8:63:DE:C6

If you don't see this fingerprint while logged into what you assume is Electrum you are NOT on the official site.  A middle man cannot replicate this fingerprint without PWNing the private key and that is unlikely.  Still GPG is somewhat better and the final acid test.

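
An added example, not part of the post above: a Python check that compares a server certificate's SHA-256 fingerprint with the value quoted in the post. A leaf certificate's fingerprint changes whenever the certificate is reissued, so the value below is only the pin as posted in August 2017; the function names are this example's own.

```python
import hashlib
import hmac
import socket
import ssl

# SHA-256 certificate fingerprint exactly as quoted in the post (August 2017).
POSTED_PIN = ("D0:9E:C1:85:9C:CF:85:4A:42:C1:48:38:8D:33:43:0C:"
              "4F:23:77:A3:BB:F3:DE:92:51:9F:0E:6F:E8:63:DE:C6")

def normalize(fingerprint):
    """Strip colons/spaces and lowercase; reject anything that is not 32 hex bytes."""
    hexed = fingerprint.replace(":", "").replace(" ", "").lower()
    if len(hexed) != 64 or any(c not in "0123456789abcdef" for c in hexed):
        raise ValueError("not a SHA-256 fingerprint")
    return hexed

def cert_fingerprint(cert):
    """SHA-256 over the DER encoding; PEM text is converted to DER first."""
    if isinstance(cert, str):
        cert = ssl.PEM_cert_to_DER_cert(cert)
    return hashlib.sha256(cert).hexdigest()

def matches_pin(cert, pin=POSTED_PIN):
    """Compare the certificate's fingerprint with the pin."""
    return hmac.compare_digest(cert_fingerprint(cert), normalize(pin))

def fetch_leaf_cert(host, port=443, timeout=10):
    """Return the server's leaf certificate (DER) after normal chain and hostname checks."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

if __name__ == "__main__":
    # Constructed bytes standing in for a certificate, so this runs offline.
    sample = b"constructed bytes, not a real certificate"
    print(cert_fingerprint(sample), matches_pin(sample))
```

Against a live site the call is `matches_pin(fetch_leaf_cert(host))`, with the pin taken from a source other than the site being checked.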
Bitcoinsummoner
August 06, 2017, 11:58:42 PM
 #10

That site is fake; the real website for Electrum is electrum.org. This is the correct site.

If you use this site, expect that you can be scammed, so it is better to check the URL every time before you download, because you can be reached if you don't check it carefully.
Look at Bitmixer: there are many fakes promoted in search engines.

kolloh
August 07, 2017, 02:04:52 AM
 #11

>>> True, but nothing holds a candle to a full GPG verification of Thomas' signature, which he places on every official release.

>> Yeah, but that doesn't help people if they aren't on the right website or don't have ThomasV's signature since the fake websites also publish fake GPG signatures.

> If THEY don't have Thomas' GPG public key on their keyring they are not verifying anything!  Any fake signatures are beyond worthless if compared with Thomas' actual fingerprint verified key.  This is basic stuff.
>
> Another sub standard to GPG solution would be to verify Electrum's site certificate number in the url before downloading any files.  In the case of electrum dot org the correct and ONLY actual fingerprint would reflect the following sha256:  D0:9E:C1:85:9C:CF:85:4A:42:C1:48:38:8D:33:43:0C:4F:23:77:A3:BB:F3:DE:92:51:9F:0E:6F:E8:63:DE:C6
>
> If you don't see this fingerprint while logged into what you assume is Electrum you are NOT on the official site.  A middle man cannot replicate this fingerprint without PWNing the private key and that is unlikely.  Still GPG is somewhat better and the final acid test.

My point was that someone downloading Electrum for the first time and accidentally going to a fake website is not going to know any of this. They likely do not know that the developer is ThomasV and they have no idea which certificate number is valid or which URL is valid. Of course that information will help people knowledgeable about Electrum or previous users, but I'd imagine that new users would be the most susceptible to fake websites such as this.
nerioseole
August 07, 2017, 03:52:11 AM
 #12

> My point was that someone downloading Electrum for the first time and accidentally going to a fake website is not going to know any of this. They likely do not know that the developer is ThomasV and they have no idea which certificate number is valid or which URL is valid. Of course that information will help people knowledgeable about Electrum or previous users, but I'd imagine that new users would be the most susceptible to fake websites such as this.

Isn't that the whole point of this technology?  Don't trust (and act like you don't trust) anyone...

If you use a piece of software in crypto - audit it yourself before using it.  If you can't - because you lack the skills - don't deal with this new technology.   It may seem crude, but it is what it is.  This technology will not go mainstream for another 5 to 10 years... you have to understand how it works, or stay away from it.  If you are stubborn enough to stick with it, accept the possible losses due to ignorance or lack of skills.
 
noormcs5
August 13, 2017, 10:14:26 AM
 #13

I expected stealing it this hard fork time, but not a stealing seems to be where I thought it was going to be I thought a lot of my life website for promise easy transition for people's Bitcoin while it's at the Bitcoin cash and the reality of that easy transition would be able to be going into somebody else's wallet. Instead it seems to be a software attack.
