Electrum BUG - all Bitcoins stolen

[dimme78]

news from heise:

https://m.heise.de/security/meldung/Bitcoin-und-Litecoin-Klau-bei-Electrum-Electron-Cash-und-Electrum-LTC-moeglich-3936813.html

all my Bitcoins are lost  

[1713963257]

1713963257

[1713963257]

1713963257

[1713963257]

1713963257

[1713963257]

1713963257

[1713963257]

1713963257

[pooya87]

are you just sharing a news link or did you actually lose bitcoin? and by the way the site is just addressing the same issue as the sticky warning on top of bitcointalk: https://bitcointalk.org/index.php?topic=2702103.0 about the JSONRPC from versions 2.6 till new releases that fixed it.

in case you actually lost bitcoin, would you mind telling us why you think this is the reason you lost bitcoin and not the fact that you didn't have password set on your wallet? because it may as well have been a simple malware that stole the file itself. something like a keylogger but a little advanced.

[Lucius]

yes, I loose my bitcoins with Electrum last Friday.
After Installation of the new Electrum Desktop Wallet Version 3.0.5 (Windows 10) I see this transfer in the history (5.1.2018 midday).
I opened my wallet with Electrum 3.0.5 on monday 8.1.2018 morning and in the same time there was shown this transfer to another bitcoin address. But I dont do that last friday.
In the other Version of Electrum 3.0.3 my bitcoins are still there (Friday night, after the alleged transfer !!!), my bitcoins are ok at this moment. After I opened in Electrum 3.0.5 all is lost, 3 days later.

This is the Transfer on blockchain.info
https://blockchain.info/address/34xsiBXp3wSGXgVTDtmnkatZ2LbJ3gFMVW

My Electrum wallets was saved with password, I used a clean PC. I have all my passwords in an password manager, no textfile or something else.
I do not understand how that could happen. I dont not use Electrum anymore, you cant trust this tool.

It seems to me you are download fake Electrum wallet and you you could not download version 3.0.5 on Friday 5.1.2018,it was not out yet.There is many fake sites which use Google add to be displayed at the top of search results,only legitimate site for download Electrum is : https://electrum.org/#home

Second thing which indicates that you have fake wallet is fee hacker use to send your BTC to his address-he want to get this transaction confirmed very quick so he use 725.947 sat/B which is even more then highest recommended fee.

You are not only one who lost BTC in this way,but I leave the possibility that something else might have happened-although it is unlikely that it is.

[HCP]

It certainly wasn't Electrum v3.0.5 that caused this. That transaction was sent AND confirmed before Electrum v3.0.5 had even been released.

Chances are that your old Electrum wallet was compromised in some way (malware on PC, keylogger getting seed, fake Electrum stealing keys). If, as you claim, you had a password on your wallet, then you were NOT a victim of any theft caused by the recently discovered vulnerability.

That security flaw would only show seeds/private keys if you had NO password on your wallet file AND you happened to visit a website that was running the malicious code... while your Electrum wallet was open.

[teddy5145]

yes, I loose my bitcoins with Electrum last Friday.
After Installation of the new Electrum Desktop Wallet Version 3.0.5 (Windows 10) I see this transfer in the history (5.1.2018 midday).
I opened my wallet with Electrum 3.0.5 on monday 8.1.2018 morning and in the same time there was shown this transfer to another bitcoin address. But I dont do that last friday.
In the other Version of Electrum 3.0.3 my bitcoins are still there (Friday night, after the alleged transfer !!!), my bitcoins are ok at this moment. After I opened in Electrum 3.0.5 all is lost, 3 days later.

This is the Transfer on blockchain.info
https://blockchain.info/address/34xsiBXp3wSGXgVTDtmnkatZ2LbJ3gFMVW

My Electrum wallets was saved with password, I used a clean PC. I have all my passwords in an password manager, no textfile or something else.
I do not understand how that could happen. I dont not use Electrum anymore, you cant trust this tool.

Can't really blame Electrum for it when the wallet itself are trusted by the community.
Either you have malware on your PC or you've downloaded fake electrum.
Try to check the hash of .exe that you've downloaded and see whether it matches the real hash or not.

Either way, I understand if you don't want to use electrum anymore, try to go with hardware wallet next time

[MrCrank]

yes, I loose my bitcoins with Electrum last Friday.
After Installation of the new Electrum Desktop Wallet Version 3.0.5 (Windows 10) I see this transfer in the history (5.1.2018 midday).
I opened my wallet with Electrum 3.0.5 on monday 8.1.2018 morning and in the same time there was shown this transfer to another bitcoin address. But I dont do that last friday.
In the other Version of Electrum 3.0.3 my bitcoins are still there (Friday night, after the alleged transfer !!!), my bitcoins are ok at this moment. After I opened in Electrum 3.0.5 all is lost, 3 days later.

This is the Transfer on blockchain.info
https://blockchain.info/address/34xsiBXp3wSGXgVTDtmnkatZ2LbJ3gFMVW

My Electrum wallets was saved with password, I used a clean PC. I have all my passwords in an password manager, no textfile or something else.
I do not understand how that could happen. I dont not use Electrum anymore, you cant trust this tool.

Bad news..
Where you download new version? Check history and log, please post link here..
Was been you browser active at this moment?

[Abdussamad]

maybe browser open, but my wallet was saved with a password!!!

Then this bug is not the cause of the theft. You must have downloaded a dodgy copy of electrum or got infected with malware some other way.  Please check your browser history to find out where you downloaded electrum from.

[ThomasV]

since your wallet was protected with a password, it is unlikely that this theft is related to the vulnerability exposed last week.

In the other Version of Electrum 3.0.3 my bitcoins are still there (Friday night, after the alleged transfer !!!), my bitcoins are ok at this moment. After I opened in Electrum 3.0.5 all is lost, 3 days later.

you should definitely explain what you mean by that.
did 3.0.3 display a history where the theft transaction is missing?

is version 3.0.3 still installed on your machine?
if yes, please check the sha256 of the file you downloaded.

also, better stop using that computer and have it investigated by a security expert.

[bob123]

maybe browser open, but my wallet was saved with a password!!!

Well there are two options:
1. Your password was very very weak
2. This theft is not related to the vulnerability in electrum

The exploitation of the vulnerability needs an website to actively exploit this vulnerability.
It doesn't 'just happen' when browsing youtube.

Did you verify the signature of your downloaded file?
You can find all relevant data on electrum's site (https://electrum.org/#download)

no no no, no malware, I have a clean pc, no keylogger possible, ..

How can you be that sure that its not possible for your pc to be compromised?
Just because you have an AV and windows says 'firewall' in the bottom right corner, that doesn't mean you are safe at all.
Did you check your system? What AV's did you use to check your pc ?
Did you have a digital backup of your seed?

[ThomasV]

I checked alle downloads with an Electrum developer, all downloads are ok.

For the record: I am the Electrum developer who answered this user's emails, and we only checked his 3.0.5 download, because he claims to have deleted 3.0.3

[CONANEDO]

I checked alle downloads with an Electrum developer, all downloads are ok.
I checked my PC with an Security Expert, no problems.
I have more than one wallet software and coins. Only my Bitcoin from Electrum wallet are effected.

fact:
The transfer was only visible with Electrum 3.0.5 on Monday morning (8.1.2018) - 3 days later!!!
The transfer was actually on Friday midday (5.1.2018 11:33), BUT I still see all my bitcoin in the orig. Electrum 3.0.3 on Friday evening, houres lates, all bitcoins are ok at this moment.

conclusion: you can't trust dektop wallets, you can't trust Electrum!!!

(and i'm a master in computer science since 2003 / administrator and programmer since more than 14 years - i'm not a computer dummy)

when i was trying to download new version 3.0.5 from my old electrum wallet i clicked  the help button and the link  is www.electrum.org because i though i clicked from my old electrum i don't mind although i read from theymos this is the link,electrum.org.i tried to download the 3.0.5 version for windows but  it's just not working at all.and then i download again from electrum.org still not working for my windows so my solution is using   Standalone Executable download and i can open eletrum wallet but this is not install in my computer.from there i  transfer all my fund to other exchange.lucky everything went smooth.
they said =Note: Some old versions of Windows might need to install the KB2999226 Windows update.
i don't want to install something that i don't understand including this KB2999226.lucky i do what what i think the best solution for me.

[pooya87]

~
they said =Note: Some old versions of Windows might need to install the KB2999226 Windows update.
i don't want to install something that i don't understand including this KB2999226.

what is there to understand? it is a Windows update released by Microsoft the same company that released the Windows you are already using! and you download it through Microsoft itself.
it is an update for Universal C Runtime (CRT) in Windows. if you are curious about the details read the kb article from Microsoft official website:
https://support.microsoft.com/en-us/help/2999226/update-for-universal-c-runtime-in-windows

[Spendulus]

I checked alle downloads with an Electrum developer, all downloads are ok.

For the record: I am the Electrum developer who answered this user's emails, and we only checked his 3.0.5 download, because he claims to have deleted 3.0.3

yes right, but I checked in the browser download history, this was the right software from the correct website, there was no other Electrum 3.0.3, I am not stupid, I have never used a wrong download before. Also I checked my PC with an windows server administrator and a java/delphi programmer now. I have a 100% clean computer. I have used 6 different desktop wallets at this time, everyone is ok. But only this problem with Electrum. coincidence? stupidity? Sorry, but I do not believe in coincidences and I did not do anything wrong, quite the opposite. I am always careful, it is still a mystery to me and my friends. Fact is, now I was robbed by whoever and I used Electrum and nobody can help me.

Let me say first that I feel for your loss, and my advice to you is to get your bitcoins off of computers and onto either hardware wallet like Trezor or paper wallets.

It may interest you, I have just now been writing a fictional scenario where an intruder activates the camera on her target's PC, and simply reads the password the target enters and then reads the numbers on the 2FA authentication device.  The intruder types the 2FA in quicker than he does, and locks him out.

Yes I made that up. It's fiction. Now I've publicly stated it, so maybe tomorrow the bad guy tries it out.

Do we know all the routes a bad guy might take? Nope, you cannot.

[audaciousbeing]

In all of this, I think the bone of contention is one should be careful of where to download the wallet as even the vulnerability scare makes amateurs hackers carry out their activities because they know everyone who has an Electrum wallet will be in a haste to upgrade and not even bother to verify the site in which the download is to be made. Some other people because of the pressure and the amount involved just typed in Google in other to upgrade ASAP only to discover that it was at the point of trying to become more secure that they become way more vulnerable. The onus is on us to exercise much more patience even in the face of unending pressure.

[shinjunobi09]

You must have downloaded a fake electrum wallet because last time I checked there is no updates regarding the electrum wallet you are stating. Also, you may try cleaning up your PC and it installed by a strong anti-virus to avoid getting accessed with these kinds of malicious sites, maybe your relying on free anti-virus which is very much weak and cannot be considered as mere protection against these type of attacks.

[dhas]

You must have downloaded a fake electrum wallet because last time I checked there is no updates regarding the electrum wallet you are stating. Also, you may try cleaning up your PC and it installed by a strong anti-virus to avoid getting accessed with these kinds of malicious sites, maybe your relying on free anti-virus which is very much weak and cannot be considered as mere protection against these type of attacks.

I guess they download wrong electrum wallet, because if they download the original wallet they cannot experience problem. I also used electrum wallet and the problem I can see in this wallet is charges or payment is very high compared with the other wallet. Because when I withdraw my amount stored in this wallet almost half of my bitcoin will be used for payment.

[AMONRA75]

i have this problem too.
i have install electrum 3.0.3 at 26.01.2018
after 2 days i have see a output transaction and all my bitcoin lost.
don't use electrum! shit!

[Ayanamirs]

i have this problem too.
i have install electrum 3.0.3 at 26.01.2018
after 2 days i have see a output transaction and all my bitcoin lost.
don't use electrum! shit!

From where you downloaded? Did you checked the PGP signature?

[AMONRA75]

i have this problem too.
i have install electrum 3.0.3 at 26.01.2018
after 2 days i have see a output transaction and all my bitcoin lost.
don't use electrum! shit!

From where you downloaded? Did you checked the PGP signature?

from official site and not 3.0.3 version but 3.0.5

[Lucius]

i have this problem too.
i have install electrum 3.0.3 at 26.01.2018
after 2 days i have see a output transaction and all my bitcoin lost.
don't use electrum! shit!

There are several ways you have lost your BTC,and the one that is most likely is that you download Electrum from fake site.At that time there is many fake Electrum sites shown at the top of search results and if you not careful and check site you got fake Electrum.The only legitimate site for download Electrum BTC is https://electrum.org/#home

Other way is that you have some RAT(remove access trojan) on your device,so hacker is get your private keys/seed.Electrum is completely safe if it is download from official site and if user device is clean from virus/malware.