Vulnerability discovered in Electrum 2.6 to 3.0.4: please upgrade

[HCP]

Because Electrum is an HD (Hierarchical Deterministic) wallet... it generates a new address every time one is "used"... each address has it's own private key... so multiple address = multiple private keys.

To know which private key you need to use, you have to identify which address(es) your bitcoins were on at the time of the fork. (ps. You haven't specified which fork you're talking about).

Once you know which address(es) your BTC were on at the time of the fork... you can get the private key by going to the "Addresses" tab (you may need to select "View -> Show Addresses")... then right click on the address(es) you need the private key for and select "Private Key" from the menu.

NOTE: don't forget to change the filter from "Receiving" to "Change" to see your "Change Addresses" which might contain some of your BTC.

[1715435163]

1715435163

[1715435163]

1715435163

[1715435163]

1715435163

[blockaudit]

Yes, there's almost a new critical patch every few weeks or so now.

Has the Electron team reached out for a professional security audit yet? It would really boost user's confidence in using it since so many different crypto wallets rely on it now.

Stuff like this is too trivial to justify:

https://github.com/spesmilo/electrum/issues/3374

Code:

 class RequestHandler(SimpleJSONRPCRequestHandler): 
  
     def do_OPTIONS(self): 
         self.send_response(200) 
         self.end_headers() 
  
     def end_headers(self): 
         self.send_header("Access-Control-Allow-Headers",  
                          "Origin, X-Requested-With, Content-Type, Accept") 
         self.send_header("Access-Control-Allow-Origin", "*") 
         SimpleJSONRPCRequestHandler.end_headers(self) 

Allowing * is almost always a no-no.

[danbel79]

Hello ThomasV,
Please Help Us. We were somehow hacked and lost a large amount of LTC.

I don't know what to do. Is there anyway you can help us?

I haven't updated my wallet since February 13th, 2018.
Is there a way to seek help from the creators or developers of Electrum Wallet?

Here is the transaction:
https://live.blockcypher.com/ltc/address/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG/

[HCP]

Just FYI, ThomasV probably won't be able to help you... he is not the developer behind Electrum-LTC... he is the Developer for Electrum which is exclusively BTC.

I suggest that you try and seek help from the Electrum-LTC community: https://electrum-ltc.org/#community

[BitMaxz]

Hello ThomasV,
Please Help Us. We were somehow hacked and lost a large amount of LTC.

I don't know what to do. Is there anyway you can help us?

I haven't updated my wallet since February 13th, 2018.
Is there a way to seek help from the creators or developers of Electrum Wallet?

Here is the transaction:
https://live.blockcypher.com/ltc/address/Lb5zQN2DnWfyvT1R3ntr5BJPkzR98P1pnG/

I suggest you to make a github account instead and go to this link https://github.com/pooler/electrum-ltc/issues
and post your new issue there.
Hope that programmer and developer could help you about your issue.

[MrCrank]

Hello,

On my old PC installed old version Electrum.
When I open my first wallet with 0 balance, it's ok (synced).
When I open my second wallet with balance, I see strange transaction "unknown" amount "+0." and wallet can't sync..

Who can explain this?

Thanks.

[HCP]

Possibly an old unconfirmed transaction that was stored within the wallet file (was it an outgoing transaction?) but the inputs got "double spent" in another transaction and the transaction can no longer be validated properly.

If you know what the seed is for that 2nd wallet... try and create a new version of the wallet ("File -> New/Restore -> NEWWALLETNAME -> Standard Wallet -> I already have a seed") and see if it syncs up...