my electrum wallet (NEW VERSION) has been hacked

[SuperInvestor]

hello everyone! i just wanna ask about the new verision of electrum https://github.com/electrum-project/electrum/releases/tag/3.4.1 Electrum 3.4.1-stable, is everyething okay? because a few minutes ago i updated it and when i opended and launched it again, my balance has lost already and found in histor ythat it was transferred http://prntscr.com/lzza5w The transaction link is https://www.blockchain.com/btc/tx/1ccfba44e778ac7a96c057ec115c8d11338072f41ecbbe354f83966259660666 . please help me that's my only money

[1713960578]

1713960578

[1713960578]

1713960578

[1713960578]

1713960578

[SuperInvestor]

anyeone? please help me , i am willing to pay ones my funds will get back to me

[TryNinja]

This isn't the original Electrum. You fell for a fake version of it.

Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum.

This is the ONLY legit Github link: https://github.com/spesmilo/electrum

[SuperInvestor]

wait whaaat? but i did receive a notification from my old electrum that it needs to be updated and i follow the lnik given from there https://github.com/electrum-project/electrum/releases/tag/3.4.1 , also this is the official github of electrum right? https://github.com/electrum-project/electrum/releases/tag/3.4.1

[SuperInvestor]

This isn't the original Electrum. You fell for a fake version of it.

Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum.

This is the ONLY legit Github link: https://github.com/spesmilo/electrum

sir but i swear, i do really received an notification on my old electrum original that it needs to be updated.. then i do follow the link given from there.. oh no ... sir does electrum company can help me with this>?  do they own this https://github.com/electrum-project or not?

[Abdussamad]

spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

[SuperInvestor]

i just woked up very happy this evening after isleep a few hour only, i dont know this was going to happen. cant stop crying now , it takes me 15 days for those funds to be earned. i cant believe this. i downloaded that wallet from https://electrum.org/ , anyways i need to accept this. by the way i am Jack Henry from texas, im 68 years old. Thankyou for the answers. have a nice day to all 

[rabbitfairferry]

Hey I am new to all this myself but maybe next time you should verify what you download?

https://bitzuma.com/posts/how-to-verify-an-electrum-download-on-windows/

[Heydude1]

spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Just to be clear this just happened to me as well. I just made an account to comment here actually.

I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message  WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later.

It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.

[SuperInvestor]

spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum!

the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES

Just to be clear this just happened to me as well. I just made an account to comment here actually.

I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message  WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later.

It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.

Exactly happened to me last hour. the popup message said that my electrum needs to be updated, and if not i cant send out funds so i followed the displayed link on that popup notification and its https://github.com/electrum-project/electrum/releases/tag/3.4.1 , so yeah.  Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

by the way, i reformat my pc and i go here to download new electrum ORIGINAL AND VERIFIED . https[Suspicious link removed] but seems cant access the site. 'This site can’t be reached' what's happening?

[Heydude1]

Yea i am not sure but also cannot download electrum from the site right now either.

My original electrum that i got the pop up on has been on here since 3.2.3 was released. i haven't updated or downloaded any new ones before tonight so i don't understand where the popup came from as it was original software

[TryNinja]

Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

It was an exploit the hacker found out.

He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server.

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker.

More info here: https://github.com/spesmilo/electrum/issues/4968

[Heydude1]

Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?

It was an exploit the hacker found out.

He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server.

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker.

More info here: https://github.com/spesmilo/electrum/issues/4968

Yep, although i am usually good about catching things like this i foolishly fell for it this time. And i downloaded and opened the 3.4.1 file. Looked just like electrum and so i sent payment and my wallet got drained.

now i am just worried if there was something else attached to the file but i don't think so as of now because it opened just like regular electrum did with one single file in the drive/folder(on mac). i think it was just an exploited client that routed all payments sent to them. like i said before i may end up wiping my drive just in case

[adaseb]

Shouldn't this exploit be made into a sticky since it seems like a severe security concern?

Wonder if it only stole from those who used electrum as an online wallet instead of electrum offline (cold storage). Would cold storage save you in this case?

Its possible the fake software could display the correct destination BTC you entered, get you to sign the transaction offline BUT if you don't pay attention on the offline computer, there might be a entirely different destination BTC entered there that gets signed and later broadcasted online and funds get stolen.

[Lucius]

This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker.
More info here: https://github.com/spesmilo/electrum/issues/4968

It's not fixed yet,:

Hours after we were sent the screenshot, we silently made mitigations in 5248613 and 5dc240d; and released 3.3.2. This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there...

We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again.

So latest version of Electrum is still 3.3.2 https://electrum.org/#download and this attack is still possible, only change is how it is display to users now. I must admit that this is something that what was never supposed to happen, cheap trick for for naive users. Download Electrum only from official site, and even then check and verify files.



Do not download any update for Electrum, even if you get warning from legit Electrum wallet, it is expolit that hacker use to get your seed/private keys!

[bitcoinfuck]

hello everyone! i just wanna ask about the new verision of electrum https://github.com/electrum-project/electrum/releases/tag/3.4.1 Electrum 3.4.1-stable, is everyething okay? because a few minutes ago i updated it and when i opended and launched it again, my balance has lost already and found in histor ythat it was transferred http://prntscr.com/lzza5w The transaction link is https://www.blockchain.com/btc/tx/1ccfba44e778ac7a96c057ec115c8d11338072f41ecbbe354f83966259660666 . please help me that's my only money

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

[gentlemand]

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.

[bittraffic]

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now,  it can be subjected to suspicions.

[killerjoegreece]

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now,  it can be subjected to suspicions.

The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.

[bL4nkcode]

Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now,  it can be subjected to suspicions.

The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.

Obviously, hardware wallet can prevent this to happen if ever people have them, even though they can afford to buy it but due to some reason in which they prioritized, they didn't and they lost this much.

[gentlemand]

The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.

This has absolutely nothing to do with Bitcoin's code. The moment they started to introduce 'consumer protection measures' into the code itself is the moment it's abandoned by the people who develop it.

[veleten]

sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam
I got countless fishing messages from fake blockchain, coinbase and other wallets to develop immunity to this sort of scam
unfortunately, too many users learn the hard way and lose all of their money, at least all you lost was 0.04 btc which is painful but not the end of the world

[gentlemand]

sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam

This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions.

It still sucks but it's more understandable that more would fall for this.

[ranman09]

It still sucks but it's more understandable that more would fall for this.

Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked?

I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.

[jackg]

It still sucks but it's more understandable that more would fall for this.

Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked?

I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.

Don’t update software as soon as it’s released. I have a 30 day cooling off period for example.
The cooling off period isn’t great but it means if something is wrong, it’s probably been spotted. This potentially means I should also start verifying signatures to be more secure or at least the sha checksum.

[veleten]

sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam

This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions.

It still sucks but it's more understandable that more would fall for this.

yes, I agree when you receive such a message in the wallet itself it adds credibility
but I would go to the official site and check the news and download there
in any case , Electrum just lost many potential users due to this strange security lapse

[stomachgrowls]

sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet
make sure you check ten times if its legit
in 99% cases its a scam

This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions.

It still sucks but it's more understandable that more would fall for this.

yes, I agree when you receive such a message in the wallet itself it adds credibility
but I would go to the official site and check the news and download there
in any case , Electrum just lost many potential users due to this strange security lapse

You cant say such thing because even im on the situation i would be most likely to believe since most of us do know
the reputation of Electrum so if its on wallet message then high chance it would really get attention.You would only
realize that you loss money if such news pop-out or people already starting to lose money.

[bL4nkcode]

Obviously, hardware wallet can prevent this to happen if ever people have them, even though they can afford to buy it but due to some reason in which they prioritized, they didn't and they lost this much.

It might try and send it to a different address with a hardware wallet still and people would have to pay attention to the receiving address located on the hardware screen, which could still lead to a loss of funds since so many don't pay attention to that.

But that's not the case here.

And everyone who has hardware wallet should and make it a practice to double check the address for confirmation that shows in the screen before sending.

yes, I agree when you receive such a message in the wallet itself it adds credibility
but I would go to the official site and check the news and download there
in any case , Electrum just lost many potential users due to this strange security lapse

Well, yeah every time there's an update I always go to the official website and download the software. But regarding to notification, I never received any or pop up in my computer that there's an update etc. even before this hack happens. It only notifies me when I sent and received funds.

[ranman09]

It still sucks but it's more understandable that more would fall for this.

Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked?

I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.

Don’t update software as soon as it’s released. I have a 30 day cooling off period for example.
The cooling off period isn’t great but it means if something is wrong, it’s probably been spotted. This potentially means I should also start verifying signatures to be more secure or at least the sha checksum.

That's a great suggestion. But I hope that becomes one of the general knowledge for software updates.

[bL4nkcode]

There's an update of electrum wallet of a fixed 3.3.2 and now it's from their official twitter and should be downloaded only from its official source https://electrum.org/#download

[BitcoinGirl.Club]

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.

All the Bitcoins are ending to this address: 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
I feel sorry for OP and all those people who are victim of this scammer. Hopefully karma follows him/her.

I am glad that I have seen this topic before making the same mistake like OP or I would lose my coins too.

Good luck everyone. Please keep your coins safe.

[veleten]

looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now

https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/

It's getting on for a 250 BTC haul now.

When it comes to updates I usually wait a few weeks just to be sure. I'd never use a computer-based wallet all the same.

All the Bitcoins are ending to this address: 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
I feel sorry for OP and all those people who are victim of this scammer. Hopefully karma follows him/her.

I am glad that I have seen this topic before making the same mistake like OP or I would lose my coins too.

Good luck everyone. Please keep your coins safe.

checked my Electrum, doesn't seem to have any messages, guess it depends on a system you are running it on 
Electrum updated the wallet but they made it version 3.3.2 compared to 3.2.2 , I have no idea why would they not change the last digit as well , like 3.3.0 or 3.3.1 ?

1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
more than 1 mil dollars amassed so far on this wallet, crazy to think that they managed to scam this amount of money

[jackg]

@veleten, I think it depends on the server you're connected to? Or maybe it's a firewall thing or something. I think electrum works by sending the error message from the server and thus a link can be sent too.

There are a few trusted peers among the network which I normally connect to, a few forum members here host a node also.

Also, those are version numbers, it's likely 3.3.0 and 3.3.1 are non stable releases and used as milestones in the production process. They are probably on GitHub but I wouldn't recommend using them as the word unstable should carry some power.

[Lucius]

checked my Electrum, doesn't seem to have any messages, guess it depends on a system you are running it on 
Electrum updated the wallet but they made it version 3.3.2 compared to 3.2.2 , I have no idea why would they not change the last digit as well , like 3.3.0 or 3.3.1 ?

1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj
more than 1 mil dollars amassed so far on this wallet, crazy to think that they managed to scam this amount of money

You will only see that message if you try to send transaction and if you are connected to bad server which is used by hacker. I send few transaction with Ledger Nano S+Electrum and there is no any pop message about updating.

Electrum did not release a new version, they only change way how that message is display - so there is no direct clickable link in message, and now users can only copy/paste bad link. Last version of Electrum is from 2018-12-21 and number of version is 3.3.2.

https://download.electrum.org/

[BitcoinGirl.Club]

<snip>

<snip>

This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.

[jackg]

<snip>

<snip>

This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.

My suggested 30 days is probably a pessimistic one, 14 or something is potentially fine to have enough people to have tested it. I make the time longer so I don't have to fight my antivirus too...

That being said, as long as there's no major vulnerability. It's safe to use an old version, or would be in other cases, if you're trigger happy then it's not based on the current vulnerability. I'm not even sure what they could possibly do to fix the vulnerability which is my concern unless an error code is just sent but that'll have to be tested for an index out of range error and would mean less backwards compatibility. (An alternative, probably better approach is to use thomasV's Bitcoin address and the signed message beneath and then it'll be obvious for people using an old version if it's not there and newer versions could verify the signature on receiving the message).

[HCP]

... I'm not even sure what they could possibly do to fix the vulnerability which is my concern unless an error code is just sent but that'll have to be tested for an index out of range error and would mean less backwards compatibility.

The problem with attempting to "properly fix" this issue... is that all the Electrum Servers would need to be updated so that they returned something meaningful for the client to parse.

Someone posted a link in another thread about the Electron Cash "hack" that they implemented in the client... which, while effective, is not really a "proper fix".

Also, it isn't really a vulnerability in the typical sense of the word. There isn't a direct security vulnerability with an immediate threat to the user. It doesn't auto-download any malware, the user's wallet/seed/keys are not at risk etc... unless the user manually downloads the malicious client and executes it.

(An alternative, probably better approach is to use thomasV's Bitcoin address and the signed message beneath and then it'll be obvious for people using an old version if it's not there and newer versions could verify the signature on receiving the message).

How would you sign the message without the private key? You'd need the Electrum server code to have access to that to be able to sign the message...

[Lucius]

This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.

It makes no sense to exaggerate in this situation, you can open your Electrum and receive/send transaction without fear that your wallet will be compromised. As HCP say, you can only be affected by this threat if you download fake wallet, and only thing you need to do is close that popup window if it appears on your screen.

[jackg]

How would you sign the message without the private key? You'd need the Electrum server code to have access to that to be able to sign the message...

The idea being that a lot of the error coded and error messages I get at least are not specific to the issue so the text could previously be signed by thomasv to determine their authority. I don't think there's ever a full fix without larger exact evaluations of the issues.