|
|
|
|
Bitcoin mining is now a specialized and very risky industry, just like gold mining. Amateur miners are unlikely to make much money, and may even lose money. Bitcoin is much more than just mining, though!
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
SuperInvestor (OP)
Jr. Member
Offline
Activity: 66
Merit: 2
|
|
December 27, 2018, 03:23:10 AM |
|
anyeone? please help me , i am willing to pay ones my funds will get back to me
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2814
Merit: 6970
|
|
December 27, 2018, 03:24:16 AM |
|
This isn't the original Electrum. You fell for a fake version of it. Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum. This is the ONLY legit Github link: https://github.com/spesmilo/electrum
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
|
SuperInvestor (OP)
Jr. Member
Offline
Activity: 66
Merit: 2
|
|
December 27, 2018, 03:29:16 AM |
|
This isn't the original Electrum. You fell for a fake version of it. Unfortunately, there is nothing you can do. Your coins are gone and your computer is compromised. Reinstall your OS and create a new wallet from the ORIGINAL Electrum. This is the ONLY legit Github link: https://github.com/spesmilo/electrumsir but i swear, i do really received an notification on my old electrum original that it needs to be updated.. then i do follow the link given from there.. oh no ... sir does electrum company can help me with this>? do they own this https://github.com/electrum-project or not?
|
|
|
|
Abdussamad
Legendary
Online
Activity: 3598
Merit: 1560
|
|
December 27, 2018, 03:32:17 AM |
|
spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum! the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
|
|
|
|
SuperInvestor (OP)
Jr. Member
Offline
Activity: 66
Merit: 2
|
|
December 27, 2018, 03:40:10 AM |
|
i just woked up very happy this evening after isleep a few hour only, i dont know this was going to happen. cant stop crying now , it takes me 15 days for those funds to be earned. i cant believe this. i downloaded that wallet from https://electrum.org/ , anyways i need to accept this. by the way i am Jack Henry from texas, im 68 years old. Thankyou for the answers. have a nice day to all
|
|
|
|
|
Heydude1
Newbie
Offline
Activity: 10
Merit: 10
|
|
December 27, 2018, 05:04:45 AM |
|
spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum! the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTESJust to be clear this just happened to me as well. I just made an account to comment here actually. I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later. It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened.
|
|
|
|
SuperInvestor (OP)
Jr. Member
Offline
Activity: 66
Merit: 2
|
|
December 27, 2018, 05:44:50 AM |
|
spesmilo one is the real one. also there are no update notifications anymore. that was removed many versions back because of privacy concerns. you downloaded a fake electrum from some site and then updated the fake electrum! the latest version is 3.3.2 https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTESJust to be clear this just happened to me as well. I just made an account to comment here actually. I have the same version of electrum i always use, nothing changed today. Went to go send coin and received a pop up error message WITHIN THE REAL ELECTRUM that i cannot sent the payment until i upgrade due to security issues. I am usually diligent about this stuff but it was a long day and i was in a hurry. Github even has the links verified on that phishing one so i just downloaded. Sent the payment again in the new one and the money was gone 10 minutes later. It's my fault for using that one without doing more verification...but something happened where someone was able to send an alert/pop up through the real electrum. I don't understand how that happened. Exactly happened to me last hour. the popup message said that my electrum needs to be updated, and if not i cant send out funds so i followed the displayed link on that popup notification and its https://github.com/electrum-project/electrum/releases/tag/3.4.1 , so yeah. Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM? by the way, i reformat my pc and i go here to download new electrum ORIGINAL AND VERIFIED . https[Suspicious link removed] but seems cant access the site. 'This site can’t be reached' what's happening?
|
|
|
|
Heydude1
Newbie
Offline
Activity: 10
Merit: 10
|
|
December 27, 2018, 05:48:03 AM |
|
Yea i am not sure but also cannot download electrum from the site right now either.
My original electrum that i got the pop up on has been on here since 3.2.3 was released. i haven't updated or downloaded any new ones before tonight so i don't understand where the popup came from as it was original software
|
|
|
|
TryNinja
Legendary
Offline
Activity: 2814
Merit: 6970
|
Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?
It was an exploit the hacker found out. He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server. This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. More info here: https://github.com/spesmilo/electrum/issues/4968
|
. .HUGE. | | | | | | █▀▀▀▀ █ █ █ █ █ █ █ █ █ █ █ █▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ . CASINO & SPORTSBOOK ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█ █ █ █ █ █ █ █ █ █ █ █ ▄▄▄▄█ | | |
|
|
|
Heydude1
Newbie
Offline
Activity: 10
Merit: 10
|
|
December 27, 2018, 07:04:52 AM |
|
Electrum seems not secured enough, i am not saying the main wallet but that popup notification. How the hell gets it there inside the ORIGINAL SOFTWARE OF ELECTRUM?
It was an exploit the hacker found out. He created a few Electrum servers which handled a customized error message when you tried to send a transaction. Unfortunately, you could make the custom error message show up as an Electrum pop up message. So the hacker created the fake "update right now" warning and made it show up for those who were connected to his server. This was already fixed in the latest version 3.3.2, but unfortunately, you were one of the victims of the hacker. More info here: https://github.com/spesmilo/electrum/issues/4968Yep, although i am usually good about catching things like this i foolishly fell for it this time. And i downloaded and opened the 3.4.1 file. Looked just like electrum and so i sent payment and my wallet got drained. now i am just worried if there was something else attached to the file but i don't think so as of now because it opened just like regular electrum did with one single file in the drive/folder(on mac). i think it was just an exploited client that routed all payments sent to them. like i said before i may end up wiping my drive just in case
|
|
|
|
adaseb
Legendary
Offline
Activity: 3738
Merit: 1708
|
|
December 27, 2018, 09:15:42 AM |
|
Shouldn't this exploit be made into a sticky since it seems like a severe security concern?
Wonder if it only stole from those who used electrum as an online wallet instead of electrum offline (cold storage). Would cold storage save you in this case?
Its possible the fake software could display the correct destination BTC you entered, get you to sign the transaction offline BUT if you don't pay attention on the offline computer, there might be a entirely different destination BTC entered there that gets signed and later broadcasted online and funds get stolen.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3220
Merit: 5626
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
December 27, 2018, 11:20:27 AM |
|
It's not fixed yet,: Hours after we were sent the screenshot, we silently made mitigations in 5248613 and 5dc240d; and released 3.3.2. This is not a true fix, but the more proper fix of using error codes would entail upgrading the whole federated server ecosystem out there...
We did not publicly disclose this until now, as around the time of the 3.3.2 release, the attacker stopped; however they now started the attack again. So latest version of Electrum is still 3.3.2 https://electrum.org/#download and this attack is still possible, only change is how it is display to users now. I must admit that this is something that what was never supposed to happen, cheap trick for for naive users. Download Electrum only from official site, and even then check and verify files. Do not download any update for Electrum, even if you get warning from legit Electrum wallet, it is expolit that hacker use to get your seed/private keys!
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
bitcoinfuck
Full Member
Offline
Activity: 634
Merit: 106
Europe Belongs To Christians
|
|
December 27, 2018, 01:03:14 PM |
|
looks like he already scammed 15 BTC, sad brother, but there is nothing that will help you now
|
|
|
|
|
bittraffic
|
|
December 27, 2018, 02:32:19 PM |
|
Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now, it can be subjected to suspicions.
|
|
|
|
killerjoegreece
Legendary
Offline
Activity: 1666
Merit: 1007
Professional Native Greek Translator (2000+ done)
|
|
December 27, 2018, 02:48:02 PM |
|
Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now, it can be subjected to suspicions.
The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.
|
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
|
|
December 27, 2018, 03:17:28 PM |
|
Jesus! Well its all gone now, you couldn't expect the hacker to return it of course. Consider it lost forever. All the while you thought its safe when it can actually be faked, its actually easy to fall for it because it looks very legit. I thought its just the online wallet that can be used for phishing, installing a desktop wallet was the safest I know but now, it can be subjected to suspicions.
The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit. Obviously, hardware wallet can prevent this to happen if ever people have them, even though they can afford to buy it but due to some reason in which they prioritized, they didn't and they lost this much.
|
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3008
Welt Am Draht
|
|
December 27, 2018, 03:51:57 PM |
|
The Bitcoin codebase is still so young right now and comparable to the early internet. Devs will learn from these mistakes and carry on. I hope no more people loose money to this exploit.
This has absolutely nothing to do with Bitcoin's code. The moment they started to introduce 'consumer protection measures' into the code itself is the moment it's abandoned by the people who develop it.
|
|
|
|
veleten
Legendary
Offline
Activity: 2016
Merit: 1106
|
|
December 27, 2018, 05:41:26 PM |
|
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet make sure you check ten times if its legit in 99% cases its a scam I got countless fishing messages from fake blockchain, coinbase and other wallets to develop immunity to this sort of scam unfortunately, too many users learn the hard way and lose all of their money, at least all you lost was 0.04 btc which is painful but not the end of the world
|
|
|
|
gentlemand
Legendary
Offline
Activity: 2590
Merit: 3008
Welt Am Draht
|
|
December 27, 2018, 05:48:54 PM |
|
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet make sure you check ten times if its legit in 99% cases its a scam
This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions. It still sucks but it's more understandable that more would fall for this.
|
|
|
|
ranman09
|
|
December 27, 2018, 10:18:27 PM |
|
It still sucks but it's more understandable that more would fall for this.
Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked? I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 27, 2018, 10:53:11 PM |
|
It still sucks but it's more understandable that more would fall for this.
Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked? I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance. Don’t update software as soon as it’s released. I have a 30 day cooling off period for example. The cooling off period isn’t great but it means if something is wrong, it’s probably been spotted. This potentially means I should also start verifying signatures to be more secure or at least the sha checksum.
|
|
|
|
veleten
Legendary
Offline
Activity: 2016
Merit: 1106
|
|
December 28, 2018, 05:28:47 AM |
|
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet make sure you check ten times if its legit in 99% cases its a scam
This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions. It still sucks but it's more understandable that more would fall for this. yes, I agree when you receive such a message in the wallet itself it adds credibility but I would go to the official site and check the news and download there in any case , Electrum just lost many potential users due to this strange security lapse
|
|
|
|
stomachgrowls
|
|
December 28, 2018, 05:38:09 AM |
|
sad for your loss, but whenever you receive an email or message from any "bank" or in this case wallet make sure you check ten times if its legit in 99% cases its a scam
This is an in wallet message which most would pay far more attention to than some random email which would guarantee an insta ignore. I can imagine many people would've unthinkingly followed its instructions. It still sucks but it's more understandable that more would fall for this. yes, I agree when you receive such a message in the wallet itself it adds credibility but I would go to the official site and check the news and download there in any case , Electrum just lost many potential users due to this strange security lapse You cant say such thing because even im on the situation i would be most likely to believe since most of us do know the reputation of Electrum so if its on wallet message then high chance it would really get attention.You would only realize that you loss money if such news pop-out or people already starting to lose money.
|
| . .Duelbits. | │ | | │ | ▄▄█▄▄░░▄▄█▄▄░░▄▄█▄▄ ███░░░░███░░░░███ ▀░░░▀░░▀░░░▀░░▀░░░▀ ▄░░░░░░░░░░░░ ▀██████████ ░░░░░███░░░░▀ ░░█░░░███▄█░░░█ ░░██▌░░███░▀░░██▌ ░█░██░░███░░░█░██ ░█▀▀▀█▌░███░░█▀▀▀█▌ ▄█▄░░░██▄███▄█▄░░▄██▄ ▄███▄ ░░░░▀██▄▀ | . REGIONAL SPONSOR | | ███▀██▀███▀█▀▀▀▀██▀▀▀██ ██░▀░██░█░███░▀██░███▄█ █▄███▄██▄████▄████▄▄▄██ ██▀ ▀███▀▀░▀██▀▀▀██████ ███▄███░▄▀██████▀█▀█▀▀█ ████▀▀██▄▀█████▄█▀███▄█ ███▄▄▄████████▄█▄▀█████ ███▀▀▀████████████▄▀███ ███▄░▄█▀▀▀██████▀▀▀▄███ ███████▄██▄▌████▀▀█████ ▀██▄███▀██▄█▄▄▄██▄████▀ ▀▀██████████▄▄███▀▀ ▀▀▀▀█▀▀▀▀ | . EUROPEAN BETTING PARTNER | |
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
|
|
December 28, 2018, 07:25:36 AM |
|
Obviously, hardware wallet can prevent this to happen if ever people have them, even though they can afford to buy it but due to some reason in which they prioritized, they didn't and they lost this much.
It might try and send it to a different address with a hardware wallet still and people would have to pay attention to the receiving address located on the hardware screen, which could still lead to a loss of funds since so many don't pay attention to that. But that's not the case here. And everyone who has hardware wallet should and make it a practice to double check the address for confirmation that shows in the screen before sending. yes, I agree when you receive such a message in the wallet itself it adds credibility but I would go to the official site and check the news and download there in any case , Electrum just lost many potential users due to this strange security lapse
Well, yeah every time there's an update I always go to the official website and download the software. But regarding to notification, I never received any or pop up in my computer that there's an update etc. even before this hack happens. It only notifies me when I sent and received funds.
|
|
|
|
ranman09
|
|
December 29, 2018, 01:20:36 AM |
|
It still sucks but it's more understandable that more would fall for this.
Agreed even if I were presented by this message out of nowhere when I am doing a natural thing for me of sending funds. I would fall for this trap. Just wondered, he said he downloaded from electrum.org? Isn't that the true website? Or is it already hacked? I hope developers do something about this. Not all people have the time to read such discussions like this. They just do what they been doing ever since. It's been 10 years of bitcoin so I guess more got the habit of using it and have the habit in mind to always update software for better performance. Don’t update software as soon as it’s released. I have a 30 day cooling off period for example. The cooling off period isn’t great but it means if something is wrong, it’s probably been spotted. This potentially means I should also start verifying signatures to be more secure or at least the sha checksum. That's a great suggestion. But I hope that becomes one of the general knowledge for software updates.
|
|
|
|
bL4nkcode
Copper Member
Legendary
Offline
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
|
|
December 29, 2018, 02:59:58 AM Last edit: December 29, 2018, 03:18:29 AM by bL4nkcode |
|
There's an update of electrum wallet of a fixed 3.3.2 and now it's from their official twitter and should be downloaded only from its official source https://electrum.org/#download
|
|
|
|
BitcoinGirl.Club
Legendary
Offline
Activity: 2758
Merit: 2711
Farewell LEO: o_e_l_e_o
|
|
December 29, 2018, 10:05:15 PM |
|
All the Bitcoins are ending to this address: 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkjI feel sorry for OP and all those people who are victim of this scammer. Hopefully karma follows him/her. I am glad that I have seen this topic before making the same mistake like OP or I would lose my coins too. Good luck everyone. Please keep your coins safe.
|
|
|
|
veleten
Legendary
Offline
Activity: 2016
Merit: 1106
|
|
December 30, 2018, 11:41:01 AM |
|
All the Bitcoins are ending to this address: 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkjI feel sorry for OP and all those people who are victim of this scammer. Hopefully karma follows him/her. I am glad that I have seen this topic before making the same mistake like OP or I would lose my coins too. Good luck everyone. Please keep your coins safe. checked my Electrum, doesn't seem to have any messages, guess it depends on a system you are running it on Electrum updated the wallet but they made it version 3. 3.2 compared to 3. 2.2 , I have no idea why would they not change the last digit as well , like 3.3.0 or 3.3.1 ? 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkjmore than 1 mil dollars amassed so far on this wallet, crazy to think that they managed to scam this amount of money
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 30, 2018, 12:24:49 PM |
|
@veleten, I think it depends on the server you're connected to? Or maybe it's a firewall thing or something. I think electrum works by sending the error message from the server and thus a link can be sent too.
There are a few trusted peers among the network which I normally connect to, a few forum members here host a node also.
Also, those are version numbers, it's likely 3.3.0 and 3.3.1 are non stable releases and used as milestones in the production process. They are probably on GitHub but I wouldn't recommend using them as the word unstable should carry some power.
|
|
|
|
Lucius
Legendary
Offline
Activity: 3220
Merit: 5626
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
December 30, 2018, 01:39:00 PM |
|
checked my Electrum, doesn't seem to have any messages, guess it depends on a system you are running it on Electrum updated the wallet but they made it version 3. 3.2 compared to 3. 2.2 , I have no idea why would they not change the last digit as well , like 3.3.0 or 3.3.1 ? 1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkjmore than 1 mil dollars amassed so far on this wallet, crazy to think that they managed to scam this amount of money You will only see that message if you try to send transaction and if you are connected to bad server which is used by hacker. I send few transaction with Ledger Nano S+Electrum and there is no any pop message about updating. Electrum did not release a new version, they only change way how that message is display - so there is no direct clickable link in message, and now users can only copy/paste bad link. Last version of Electrum is from 2018-12-21 and number of version is 3.3.2. https://download.electrum.org/
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
BitcoinGirl.Club
Legendary
Offline
Activity: 2758
Merit: 2711
Farewell LEO: o_e_l_e_o
|
|
December 30, 2018, 06:23:27 PM |
|
<snip>
<snip>
This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 30, 2018, 07:19:03 PM |
|
<snip>
<snip>
This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread. My suggested 30 days is probably a pessimistic one, 14 or something is potentially fine to have enough people to have tested it. I make the time longer so I don't have to fight my antivirus too... That being said, as long as there's no major vulnerability. It's safe to use an old version, or would be in other cases, if you're trigger happy then it's not based on the current vulnerability. I'm not even sure what they could possibly do to fix the vulnerability which is my concern unless an error code is just sent but that'll have to be tested for an index out of range error and would mean less backwards compatibility. (An alternative, probably better approach is to use thomasV's Bitcoin address and the signed message beneath and then it'll be obvious for people using an old version if it's not there and newer versions could verify the signature on receiving the message).
|
|
|
|
HCP
Legendary
Offline
Activity: 2086
Merit: 4316
<insert witty quote here>
|
|
December 31, 2018, 05:35:48 AM |
|
... I'm not even sure what they could possibly do to fix the vulnerability which is my concern unless an error code is just sent but that'll have to be tested for an index out of range error and would mean less backwards compatibility.
The problem with attempting to "properly fix" this issue... is that all the Electrum Servers would need to be updated so that they returned something meaningful for the client to parse. Someone posted a link in another thread about the Electron Cash "hack" that they implemented in the client... which, while effective, is not really a "proper fix". Also, it isn't really a vulnerability in the typical sense of the word. There isn't a direct security vulnerability with an immediate threat to the user. It doesn't auto-download any malware, the user's wallet/seed/keys are not at risk etc... unless the user manually downloads the malicious client and executes it. (An alternative, probably better approach is to use thomasV's Bitcoin address and the signed message beneath and then it'll be obvious for people using an old version if it's not there and newer versions could verify the signature on receiving the message). How would you sign the message without the private key? You'd need the Electrum server code to have access to that to be able to sign the message...
|
|
|
|
Lucius
Legendary
Offline
Activity: 3220
Merit: 5626
Blackjack.fun-Free Raffle-Join&Win $50🎲
|
|
December 31, 2018, 10:27:36 AM |
|
This whole thing is making me paranoid. Honestly speaking since I have seen this hacking news I am not opening my Electrum. I am waiting for the cool down period that jackg said on other thread.
It makes no sense to exaggerate in this situation, you can open your Electrum and receive/send transaction without fear that your wallet will be compromised. As HCP say, you can only be affected by this threat if you download fake wallet, and only thing you need to do is close that popup window if it appears on your screen.
|
. .BLACKJACK ♠ FUN. | | | ███▄██████ ██████████████▀ ████████████ █████████████████ ████████████████▄▄ ░█████████████▀░▀▀ ██████████████████ ░██████████████ █████████████████▄ ░██████████████▀ ████████████ ███████████████░██ ██████████ | | CRYPTO CASINO & SPORTS BETTING | | │ | | │ | ▄▄███████▄▄ ▄███████████████▄ ███████████████████ █████████████████████ ███████████████████████ █████████████████████████ █████████████████████████ █████████████████████████ ███████████████████████ █████████████████████ ███████████████████ ▀███████████████▀ ███████████████████ | | .
|
|
|
|
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
|
|
December 31, 2018, 12:56:17 PM |
|
The idea being that a lot of the error coded and error messages I get at least are not specific to the issue so the text could previously be signed by thomasv to determine their authority. I don't think there's ever a full fix without larger exact evaluations of the issues.
|
|
|
|
|