Coding Enthusiast (OP)
December 27, 2018, 05:12:50 AM (last edit: December 27, 2018, 05:39:09 AM by Coding Enthusiast)
The real links are:
https://github.com/spesmilo/electrum (the GitHub repository hosting the code)
https://electrum.org/ (website of the project)
6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 (the real PGP public key of the developer)
Anything else is fake. Don't just trust me, double and triple check these values yourself.

I have also included the PGP public key because I have been seeing many scammers in the past signing the malicious Electrum releases with a PGP public key (obviously a different one that they own) and if you check the signature with their public key you will see a correct signature and it can create the illusion of being real!

Additionally if you see the following error message, ignore it and change your server. It is the malicious server of the attacker and as you can see the link is also fake:

More information:
https://github.com/spesmilo/electrum/issues/4953
https://github.com/spesmilo/electrum/issues/4968
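
The signature check described in the post above, as an added example that is not part of the original post or of the Electrum project: it accepts a download only when GnuPG reports a valid signature made by the fingerprint quoted in the post, rather than by whichever key happens to verify. The function names and both sample status outputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): a "Good signature" line only proves that
# *some* key signed the file. Accept a release only when the signing key's
# fingerprint is the one pinned below (the value quoted in the post above).
PINNED_FPR="6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"

# Reads `gpg --status-fd 1 --verify ...` output on stdin and succeeds only if a
# VALIDSIG line names the pinned key. In a VALIDSIG line, field 3 is the
# fingerprint of the key that made the signature and the last field is the
# fingerprint of its primary key.
signer_is_pinned() {
    awk -v want="$PINNED_FPR" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Usage: verify_release <signature.asc> <downloaded-file>
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null | signer_is_pinned
}

# Constructed status output: a signature made by the pinned key.
SAMPLE_GENUINE='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2BD5824B7F9470E6 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 2018-12-27 1545900000 0 4 0 1 8 00 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6'

# Constructed status output: a cryptographically good signature from a different
# key (made-up fingerprint). gpg calls it valid, but it is not the pinned key.
SAMPLE_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Impostor <impostor@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-12-27 1545900000 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567'

# Run as: ./check.sh <signature.asc> <downloaded-file>
if [ "$#" -eq 2 ]; then
    if verify_release "$1" "$2"; then
        echo "OK: signed by the pinned key"
    else
        echo "REJECT: no valid signature from the pinned key" >&2
        exit 1
    fi
fi
```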

Heydude1
December 27, 2018, 06:01:18 AM
Yes, I fell for it because I was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if I don't have to (I know, I know, I probably should just to be safe).

TryNinja
December 27, 2018, 06:15:34 AM (last edit: December 27, 2018, 06:27:03 AM by TryNinja)
> Yes, I fell for it because I was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if I don't have to (I know, I know, I probably should just to be safe).
Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.
Edit: thought that this was the first post from the user and literally missed the OP. Sorry.

Coding Enthusiast (OP)
> Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?
If you have downloaded the files (standalone, portable, Linux tar.gz file, ...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.
> There is not even a single chance the pop up came from the official Electrum. That's a fact.
The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.

Heydude1
December 27, 2018, 06:20:54 AM
> > Yes, I fell for it because I was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling OS in the morning but don't want to if I don't have to (I know, I know, I probably should just to be safe).
> Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.
That's actually false and I know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official Electrum client. Which prompts a pop up to download the malicious client. https://github.com/spesmilo/electrum/issues/4968

Heydude1
December 27, 2018, 06:27:41 AM
> > Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?
> If you have downloaded the files (standalone, portable, Linux tar.gz file, ...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.
I know that, I have since wiped all the Electrum files I could find since I downloaded the malicious file. I am at the point I will most likely reformat my hard drive in the morning as I am unsure at this point if any other malware was attached to it aside from the malicious client.

TryNinja
December 27, 2018, 06:27:50 AM
> That's actually false and I know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official Electrum client. Which prompts a pop up to download the malicious client. https://github.com/spesmilo/electrum/issues/4968
Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that. Unfortunately, there is still nothing you can do to recover your coins.

Heydude1
December 27, 2018, 06:33:55 AM
> > That's actually false and I know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through official Electrum client. Which prompts a pop up to download the malicious client. https://github.com/spesmilo/electrum/issues/4968
> Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that. Unfortunately, there is still nothing you can do to recover your coins.
I am not worried about that. I use a hardware wallet normally and only use Electrum from time to time for small quick transactions. I am however worried what was all attached to the bogus client I downloaded. I have wiped anything Electrum related but feel like I should be wiping my whole drive just in case.

Heydude1
December 27, 2018, 07:40:23 AM
When you download the fake client they must get your seed/password somehow. I wiped Electrum files then restored the wallet from seed and put 2$ in there and let it sit. They just emptied the wallet again about 30 minutes ago.

bitdaric
December 27, 2018, 01:02:22 PM
Is the Android version safe?

bitcoinfuck
December 27, 2018, 01:05:51 PM
> When you download the fake client they must get your seed/password somehow. I wiped Electrum files then restored the wallet from seed and put 2$ in there and let it sit. They just emptied the wallet again about 30 minutes ago.
Maybe the UI is doing an HTTP POST request of your seed? Did you do Wireshark? Or can you share the software with me, I can try to run it and find which domains it's connecting to.

asche
December 27, 2018, 01:18:49 PM
Good catch! Thank you for sharing.
Edit: was going to report the GitHub repository but it has been closed already.

bL4nkcode
December 27, 2018, 01:19:52 PM
Threads like this bother me. Luckily I'm not a fan of downloading an update of Electrum in an urgent manner, and I also got no notification when I opened the software. And I do always make a practice of checking the tweets of the official Electrum Twitter account first before doing something; it might not be a good suggestion, but it will help somehow. And I hope the victims of this incident will not be many.

BitHodler
December 27, 2018, 01:55:34 PM
> The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.
This is actually very concerning since this isn't the first time Electrum as a very trusted client has had some issues to work out. Good thing however is that they are pretty quick with patching bugs. Another clear sign why the Core client is so dominant. It's by far the most secure client out there and people rightfully trust it with everything they have. The only thing is that average Joes don't like running a full node client. Not sure if and when, but if this continues people might lose confidence in Electrum and ditch it for good. It's a shame since it's one of the better SPV wallets available, but you can't endlessly make headlines like this...

DaCryptoRaccoon
December 27, 2018, 02:04:31 PM
Another reason for full validation. It was only a matter of time before the servers became a point of attack.

khufuking
December 27, 2018, 02:09:58 PM
I posted the warning in my local board. I hope everyone can do the same in their own language. I bet we will see a lot of threads about losing Bitcoin with Electrum soon. Please, everyone, if you have a chance to alert others, please do so.

Lucius
December 27, 2018, 02:21:32 PM
> This is actually very concerning since this isn't the first time Electrum as a very trusted client has had some issues to work out. Good thing however is that they are pretty quick with patching bugs.
The previous issue was fairly harmless compared to this. For a user to get hacked before version 3.0.5, he needed to have a wallet which is password unprotected and to have this wallet open on a particular web page which can then use this vulnerability to steal the user's funds. This new issue is far more dangerous because hackers use the original Electrum wallet to trick users into upgrading to a fake wallet. For now this issue is not fixed, and the attack is still being performed. So far 15 (new data say up to 250) BTC is stolen; the only good thing is this happens in time of holidays when many are away from their devices and BTC. https://bitcointalk.org/index.php?topic=5089945.0