Bitcoin Forum
Author Topic: Security Issue with Electrum Wallet  (Read 326 times)
vnck25 (OP)
Member
January 07, 2018, 03:16:32 PM
 #1

Since there is a security issue with the electrum wallet, is there a way to check our BTC balance without signing into the wallet?
I know there is a way for MyEtherWallet where you can use Etherscan.io to check the balance of ETH and all the ERC20 tokens in that wallet. However, since electrum changes its public address after every transaction, is this something possible? Can we use blockchain.info to do this? Please shed some light on this issue.

Thanks!
BitcoinSupremo
Copper Member
Hero Member
January 07, 2018, 03:52:53 PM
 #2

Quote
Since there is a security issue with the electrum wallet, is there a way to check our BTC balance without signing into the wallet?
I know there is a way for MyEtherWallet where you can use Etherscan.io to check the balance of ETH and all the ERC20 tokens in that wallet. However, since electrum changes its public address after every transaction, is this something possible? Can we use blockchain.info to do this? Please shed some light on this issue.
Thanks!

Yes you can. There's no issue if you open electrum while you haven't opened up any browser tab. So what you do is open electrum wallet and copy the btc address you want to check to a notepad document. Close electrum and then open up a browser, go to blockchain.info and copy the btc address you want to check. That's how you do it. However, upgrade, as this is advice from ThomasV, the creator of Electrum.
bitperson
Full Member
January 07, 2018, 03:57:30 PM
 #3

Blockchain explorers usually allow you to check one address at a time. The blockchain doesn't 'know' which addresses 'belong' to your wallet. However, https://www.blockonomics.co allows you to paste in several addresses at once, making it a convenient tool for checking your wallet balance.

ranochigo
Legendary
January 07, 2018, 11:04:26 PM
Last edit: January 08, 2018, 08:50:06 AM by ranochigo
 #4

Quote
Since there is a security issue with the electrum wallet, is there a way to check our BTC balance without signing into the wallet?
I know there is a way for MyEtherWallet where you can use Etherscan.io to check the balance of ETH and all the ERC20 tokens in that wallet. However, since electrum changes its public address after every transaction, is this something possible? Can we use blockchain.info to do this? Please shed some light on this issue.
Thanks!

Quote
Yes you can. There's no issue if you open electrum while you haven't opened up any browser tab. So what you do is open electrum wallet and copy the btc address you want to check to a notepad document. Close electrum and then open up a browser, go to blockchain.info and copy the btc address you want to check. That's how you do it. However, upgrade, as this is advice from ThomasV, the creator of Electrum.

You should do this offline actually. With the exploit, anyone can get your seeds by guessing the correct port. Anyone can run an attack on your IPs actually, doesn't have to be a website. The website method is for the attacker to target anyone who goes to the website.

Sorry, the RPC is open to the local machine only. This would only work where there is either a malicious program on your computer or if you accessed a website and they used CORS to scan and connect to your computer.

leopard2
Legendary
January 07, 2018, 11:09:43 PM
Merited by ABCbits (1)
 #5

no need to be complicated just use Electrum 304 which is fixed...

vnck25 (OP)
Member
January 08, 2018, 12:31:07 AM
 #6

Quote
no need to be complicated just use Electrum 304 which is fixed...

Thank you very much for your reply!
keyboard warrior
Sr. Member
January 08, 2018, 02:30:59 AM
 #7

Quote
no need to be complicated just use Electrum 304 which is fixed...

Quote
Thank you very much for your reply!

It's now version 3.0.5 you need to upgrade to. They rushed version 3.0.4 then a day later discovered the bug wasn't completely fixed in it.
zenyfomax1
Jr. Member
January 08, 2018, 06:01:37 AM
 #8

Quote
no need to be complicated just use Electrum 304 which is fixed...

Quote
Thank you very much for your reply!

Quote
It's now version 3.0.5 you need to upgrade to. They rushed version 3.0.4 then a day later discovered the bug wasn't completely fixed in it.

electrum is one of the (if not *the*) most popular desktop wallets for bitcoin right? this doesn't look very good...
Kakmakr
Legendary
January 08, 2018, 07:15:07 AM
 #9

Quote
no need to be complicated just use Electrum 304 which is fixed...

Quote
Thank you very much for your reply!

Quote
It's now version 3.0.5 you need to upgrade to. They rushed version 3.0.4 then a day later discovered the bug wasn't completely fixed in it.

Quote
electrum is one of the (if not *the*) most popular desktop wallets for bitcoin right? this doesn't look very good...

I beg to differ. I think the most used wallet is the Blockchain.info wallet and that site has had its fair share of troubles in the past and it is still standing. ^smile^

You have to worry when exploits like this are not discovered and people start losing coins on these platforms. Most of these wallet providers are using Open Source software, so it is pretty hard to hide these exploits. ^smile^

TheQuin
Hero Member
January 08, 2018, 09:18:53 AM
 #10

Quote
It's now version 3.0.5 you need to upgrade to. They rushed version 3.0.4 then a day later discovered the bug wasn't completely fixed in it.

That is not entirely correct. They released 3.0.4 which disabled the RPC server vulnerability so it is safe to use. The 3.0.5 is a fix rather than just disabling. Either version means you are safe. They rushed 3.0.4 to get a safe version available as soon as possible; they didn't discover "the bug wasn't completely fixed in it", they always knew that they would then release the full fix later.



ranochigo
Legendary
January 08, 2018, 10:01:04 AM
Merited by ABCbits (1)
 #11

Quote
That is not entirely correct. They released 3.0.4 which disabled the RPC server vulnerability so it is safe to use. The 3.0.5 is a fix rather than just disabling. Either version means you are safe. They rushed 3.0.4 to get a safe version available as soon as possible; they didn't discover "the bug wasn't completely fixed in it", they always knew that they would then release the full fix later.

It wasn't fixed. Even though CORS is disabled, the vulnerability can still be exploited by using a POST request. It's just made more difficult for websites to exploit but it's still possible. 3.0.4 disables the ability to trigger a CORS preflight but didn't disable JsonRPC. 3.0.5 disabled JSONRPC commands.

zenyfomax1
Jr. Member
January 08, 2018, 10:47:10 AM
 #12

Quote
no need to be complicated just use Electrum 304 which is fixed...

Quote
Thank you very much for your reply!

Quote
It's now version 3.0.5 you need to upgrade to. They rushed version 3.0.4 then a day later discovered the bug wasn't completely fixed in it.

Quote
electrum is one of the (if not *the*) most popular desktop wallets for bitcoin right? this doesn't look very good...

Quote
I beg to differ. I think the most used wallet is the Blockchain.info wallet and that site has had its fair share of troubles in the past and it is still standing. ^smile^
You have to worry when exploits like this are not discovered and people start losing coins on these platforms. Most of these wallet providers are using Open Source software, so it is pretty hard to hide these exploits. ^smile^

blockchain.info is web-based, am i correct? i was specifically referring to desktop wallet.
lionelho
Full Member
January 08, 2018, 01:00:20 PM
 #13

Quote
That is not entirely correct. They released 3.0.4 which disabled the RPC server vulnerability so it is safe to use. The 3.0.5 is a fix rather than just disabling. Either version means you are safe. They rushed 3.0.4 to get a safe version available as soon as possible; they didn't discover "the bug wasn't completely fixed in it", they always knew that they would then release the full fix later.

Quote
It wasn't fixed. Even though CORS is disabled, the vulnerability can still be exploited by using a POST request. It's just made more difficult for websites to exploit but it's still possible. 3.0.4 disables the ability to trigger a CORS preflight but didn't disable JsonRPC. 3.0.5 disabled JSONRPC commands.

So now 3.0.5 completely fixed the problem? BTW, is the Android wallet required to upgrade also?

ranochigo
Legendary
January 08, 2018, 01:46:22 PM
 #14

Quote
So now 3.0.5 completely fixed the problem? BTW, is the Android wallet required to upgrade also?

Yes. The problem stems from the fact that the JSONRPC wasn't password protected. Android is affected in the same way, you have to update. The latest version disables the JSONRPC for Android.

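Added example (not part of the thread and not Electrum's code): posts #11 and #14 say that refusing CORS preflights still leaves an unauthenticated local JSON-RPC port reachable by a plain POST, and that the root cause was missing password protection. This Python example runs a preflight-only policy and a hardened one over constructed requests; the credential, function names and sample headers are assumptions made for illustration.

```python
import base64
import hmac

# Constructed credential for this example; a real daemon would generate a random one.
RPC_USER, RPC_PASSWORD = "rpcuser", "constructed-example-secret"

def preflight_only_policy(method, headers):
    """Weak model: refuse CORS preflights (OPTIONS), accept any POST."""
    return method == "POST"

def hardened_policy(method, headers):
    """Decide whether a request to a localhost JSON-RPC port may run a command."""
    h = {k.lower(): v for k, v in headers.items()}
    if method != "POST":
        return False, "method not allowed"
    # Local CLI clients send no Origin header; browsers add one to cross-site POSTs.
    if "origin" in h:
        return False, "browser-originated request"
    if h.get("content-type", "").split(";")[0].strip().lower() != "application/json":
        return False, "unexpected content type"
    scheme, _, token = h.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False, "missing credentials"
    try:
        supplied = base64.b64decode(token, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False, "malformed credentials"
    expected = f"{RPC_USER}:{RPC_PASSWORD}".encode()
    # Constant-time comparison avoids leaking how much of the password matched.
    if not hmac.compare_digest(supplied, expected):
        return False, "bad credentials"
    return True, "ok"

def basic_auth(user, password):
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

# Constructed sample requests as (method, headers).
PREFLIGHT = ("OPTIONS", {"Origin": "https://site.example",
                         "Access-Control-Request-Method": "POST"})
# A "simple" cross-site POST: text/plain needs no preflight, so it is sent regardless.
SIMPLE_POST = ("POST", {"Origin": "https://site.example", "Content-Type": "text/plain"})
LOCAL_CLIENT = ("POST", {"Content-Type": "application/json",
                         "Authorization": basic_auth(RPC_USER, RPC_PASSWORD)})
WRONG_PASSWORD = ("POST", {"Content-Type": "application/json",
                           "Authorization": basic_auth(RPC_USER, "guess")})

if __name__ == "__main__":
    for name, req in [("preflight", PREFLIGHT), ("simple POST", SIMPLE_POST),
                      ("local client", LOCAL_CLIENT), ("wrong password", WRONG_PASSWORD)]:
        print(f"{name:15} weak={preflight_only_policy(*req)} hardened={hardened_policy(*req)}")
```

The password check is the control that matters; the Origin and Content-Type checks are defence in depth on top of it.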
joshfraser
Newbie
January 08, 2018, 11:21:45 PM
 #15

Where can I read more about this security issue?
exstasie
Legendary
January 08, 2018, 11:56:17 PM
 #16

Quote
Where can I read more about this security issue?

You can read about the issue on Electrum's GitHub here:
Quote
The JSONRPC interface is currently completely unprotected, I believe it should be a priority to add at least some form of password protection.

Quote
no need to be complicated just use Electrum 304 which is fixed...

Less than a day later, a new version was released, and the developers stated that 3.0.4 didn't fully address the vulnerability. That's why my gut reaction to these disclosures is to shut everything down, make sure networks are completely disabled, and shelter in place.

My Electrum funds are all in forced-HODL mode right now. I'll see how things look in a week or two. :P

Captain_Planet
Full Member
January 09, 2018, 01:01:42 AM
 #17

I have upgraded the electrum wallet. Now let me know what I should do next. May I move my funds out or avoid logging in anymore for a few days, or after updating is the problem solved and I am safe now? Please let me know.
dado7
Full Member
January 10, 2018, 07:33:54 AM
 #18

Quote
Blockchain explorers usually allow you to check one address at a time. The blockchain doesn't 'know' which addresses 'belong' to your wallet. However, https://www.blockonomics.co allows you to paste in several addresses at once, making it a convenient tool for checking your wallet balance.

Always check your balance this way. For Ethereum and ERC20 coins you can use Ethplorer or Etherscan. Never input your private keys anywhere more than absolutely necessary.
Also, the 3.0.5 version of Electrum wallet was upgraded to clear the risk, so you can download it and safely use it.

Also, just as a simple piece of security advice - never open a browser and bitcoin wallet at the same time.
