Author Topic: Bitcoin stolen. Electrum exploit / phishing  (Read 369 times)
thesmallgod
Full Member
Activity: 1498
Merit: 129
December 30, 2018, 12:34:32 PM
#21

Electrum wallet is too vulnerable to hacking. Almost every year we hear bad news like this about the wallet. The team should look for reliable security means to protect users.

SistaFista
Sr. Member
Activity: 1638
Merit: 251
December 31, 2018, 02:30:29 AM
#22

Yeah, it was happening recently. I wonder why Electrum wallet can give rich text warning to the users even from the untrusted server.
I read the article, hackers set several servers so they can catch their victim with higher chance.
On the last update of Electrum wallet, I read that the hackers cannot pop up the rich text warning anymore. Any update now?

pooya87
Legendary
Activity: 3444
Merit: 10550
December 31, 2018, 03:46:01 AM
#23

Quote
On the last update of Electrum wallet, I read that the hackers cannot pop up the rich text warning anymore. Any update now?

The link that the attacker was pushing to clients to fool them was on GitHub, which was reported and removed the same exact day. I haven't heard of any change or new link popping up yet, so basically it was over the same day, I think.
As for the update, the new versions can still show you the malicious message if the server sends you one, but it won't be formatted anymore. So you won't see a "link"; instead it will be a messy text with its markups.

Teamfearless
Copper Member
Newbie
Activity: 118
Merit: 0
December 31, 2018, 04:58:51 AM
#24

I think it's time for us to make awareness of all these hacking tips and tricks. A lot of people are afraid to join the crypto race because of all these hackers, and every team must strengthen their security features so that newbies and beginners can't lose the coins.

squatter
Legendary
Activity: 1666
Merit: 1196
December 31, 2018, 08:22:33 AM
#25

It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them. 

It's upsetting, but unfortunately we should expect it from a rational point of view. Casual users are less likely to have strong security protocols and more likely to fall for social engineering attacks like this. For most people, malware has never carried great consequences -- Bitcoin is changing that in a big way. Finding a balance between user-friendliness and security is really hard.

funchiestz
Sr. Member
Activity: 1134
Merit: 342
December 31, 2018, 08:31:18 AM
#26

Initially reported on Reddit it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote
Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their electrum wallet.

Updates do not require a user to enter their 2FA


https://github.com/spesmilo/electrum/issues/4968

Quote
There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum



Quote
There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message





There has been a lot of news about Electrum recently. I guess it's expected to happen. But this time the figure is very serious.

And there is a warning on BTT News you can look at it: https://bitcointalk.org/index.php?topic=5090097.0

(From BTT:  Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them.)
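
The thread describes server error text being shown as-is in the client GUI, and newer versions showing it unformatted. As an added illustration (not Electrum's code and not part of any post above), this sketch treats a server error as untrusted: it neutralizes markup, drops control characters, caps the length and flags messages carrying markup or links. The function names, the length cap and the sample response are assumptions constructed for the example.

```python
import html
import json
import re

MAX_LEN = 200  # assumed display cap, not a value taken from Electrum
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
TAG_RE = re.compile(r"<[^>]*>")


def extract_error(raw_response: str) -> str:
    """Pull the error text out of a JSON-RPC style reply; "" if absent or malformed."""
    try:
        resp = json.loads(raw_response)
    except ValueError:
        return ""
    err = resp.get("error") if isinstance(resp, dict) else None
    if isinstance(err, dict):
        err = err.get("message")
    return err if isinstance(err, str) else ""


def sanitize_server_error(raw_response: str) -> dict:
    """Return text that is safe to show, plus a flag for markup or links."""
    msg = extract_error(raw_response)
    # Replace newlines, bidi overrides and other non-printable characters.
    msg = "".join(ch if ch.isprintable() else " " for ch in msg)
    suspicious = bool(TAG_RE.search(msg) or URL_RE.search(msg))
    # Collapse whitespace and truncate before escaping, so no entity is cut in half.
    msg = " ".join(msg.split())[:MAX_LEN]
    # Escaped text renders as literal characters even in a rich-text widget.
    return {"display_text": html.escape(msg), "suspicious": suspicious}


# Constructed sample: a broadcast reply whose error carries markup and a link.
SAMPLE = json.dumps({
    "jsonrpc": "2.0",
    "id": 7,
    "error": {
        "code": 1,
        "message": "<b>Update required</b>: get it at "
                   "<a href='https://updates.example.invalid/'>here</a>\n",
    },
})

if __name__ == "__main__":
    print(sanitize_server_error(SAMPLE))
```

A client would show `display_text` in a plain-text widget and, when `suspicious` is set, could replace the message with a fixed local string.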