Bitcoin Forum
Topic: There has been an increased number of "fake" electrums out there, be careful.
Coding Enthusiast
December 27, 2018, 05:12:50 AM
Last edit: December 27, 2018, 05:39:09 AM by Coding Enthusiast
Merited by theymos (25), Foxpup (10), suchmoon (10), LoyceV (10), dbshck (5), NeuroticFish (5), bones261 (2), Pamoldar (2), squatter (2), Heisenberg_Hunter (2), asche (2), MagicByt3 (2), seoincorporation (1), BitHodler (1), AdolfinWolf (1), xenon131 (1), khufuking (1), sncc (1), butka (1), wry (1)
 #1

The real links are:
https://github.com/spesmilo/electrum (the github repository hosting the code)
https://electrum.org/ (website of the project)
6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 (the real PGP public key of the developer)

Anything else is fake. Don't just trust me, double and triple check these values yourself.

I have also included the PGP public key because I have been seeing many scammers in the past signing the malicious Electrum releases with a PGP public key (obviously a different one that they own) and if you check the signature with their public key you will see a correct signature and it can create the illusion of being real!

Additionally if you see the following error message, ignore it and change your server. It is the malicious server of the attacker and as you can see the link is also fake:



More information:
https://github.com/spesmilo/electrum/issues/4953
https://github.com/spesmilo/electrum/issues/4968

tUnes3
December 27, 2018, 05:30:06 AM
 #2

Below is the link to view the public PGP key of the developer, Thomas V.

https://pgp.key-server.io/pks/lookup?op=get&search=0x2BD5824B7F9470E6

On that web page, there is a link to download the key.
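
The check the opening post describes, as an added example (not part of the thread and not Electrum's own tooling): a signature only counts when GnuPG reports it as valid and the signing key's full fingerprint equals the one quoted in post #1. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: accept a detached signature only when GnuPG reports a valid
# signature made by the expected key, not merely "some" valid signature.

# Fingerprint quoted in the opening post of this thread.
EXPECTED_FPR="6694D8DE7BE8EE5631BED9502BD5824B7F9470E6"

# signed_by_expected FPR   (hypothetical helper name)
# Reads `gpg --status-fd` output on stdin. Returns 0 only if a VALIDSIG line
# names FPR as the signing key (field 3) or as its primary key (field 12).
# Returns 2 if FPR is not a full fingerprint, 1 if no matching VALIDSIG.
signed_by_expected() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Insist on a full 40-hex-digit fingerprint, never a short key ID.
    case "$want" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#want}" -eq 40 ] || return 2
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || (NF >= 12 && toupper($12) == want)) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# verify_release SIGFILE DATAFILE   (hypothetical wrapper; file names are yours)
# BADSIG, ERRSIG or a missing key produce no VALIDSIG line, so they fail too.
verify_release() {
    gpg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        signed_by_expected "$EXPECTED_FPR"
}

# Constructed status output: a valid signature from the expected key.
sample_genuine() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 2BD5824B7F9470E6 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6 2018-12-27 1545890000 0 4 0 1 8 00 6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
EOF
}

# Constructed status output: an equally "good" signature from some other key.
sample_other_key() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Constructed Impostor <impostor@example.invalid>
[GNUPG:] VALIDSIG AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 2018-12-27 1545890000 0 4 0 1 8 00 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
EOF
}
```

The script only compares against the fingerprint it is given, so that value has to come from a source you have checked independently, as the opening post advises.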
Heydude1
December 27, 2018, 06:01:18 AM
 #3

Yes I fell for it because I was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling the OS in the morning but don't want to if I don't have to (I know, I know I probably should just to be safe).
TryNinja
December 27, 2018, 06:15:34 AM
Last edit: December 27, 2018, 06:27:03 AM by TryNinja
 #4

Quote from: Heydude1
> Yes I fell for it because I was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling the OS in the morning but don't want to if I don't have to (I know, I know I probably should just to be safe).

Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.

Edit: thought that this was the first post from the user and literally missed the OP. Sorry.

SuperInvestor
December 27, 2018, 06:16:19 AM
 #5

Hey! Thanks for this, gentlemen, but it's too late already :'( https://bitcointalk.org/index.php?topic=5089945.0
Coding Enthusiast
December 27, 2018, 06:18:49 AM
Merited by Foxpup (4)
 #6

Quote from: Heydude1
> Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?

If you have downloaded the files (standalone, portable, Linux tar.gz file, ...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.

Quote from: TryNinja
> There is not even a single chance the pop up came from the official Electrum. That's a fact.

The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.

Heydude1
December 27, 2018, 06:20:54 AM
 #7

Quote from: TryNinja
> Quote from: Heydude1
> > Yes I fell for it because I was in a hurry and didn't expect a pop-up within a legit version to be a phishing link. Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it? I plan on wiping and reinstalling the OS in the morning but don't want to if I don't have to (I know, I know I probably should just to be safe).
>
> Either you already had a malicious version of Electrum, or the pop up was coming from a different malicious software/website. There is not even a single chance the pop up came from the official Electrum. That's a fact.

That's actually false and I know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through the official Electrum client, which prompts a pop-up to download the malicious client.

https://github.com/spesmilo/electrum/issues/4968
Heydude1
December 27, 2018, 06:27:41 AM
 #8

Quote from: Coding Enthusiast
> Quote from: Heydude1
> > Do you know if they think it was just the standalone client that is the issue or is it malicious files aside from it?
>
> If you have downloaded the files (standalone, portable, Linux tar.gz file, ...) from anywhere else other than the legitimate links, then they are all malicious and should not be used.

I know that. I have since wiped all the Electrum files I could find since I downloaded the malicious file. I am at the point where I will most likely reformat my hard drive in the morning, as I am unsure at this point if any other malware was attached to it aside from the malicious client.
TryNinja
December 27, 2018, 06:27:50 AM
 #9

Quote from: Heydude1
> That's actually false and I know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through the official Electrum client, which prompts a pop-up to download the malicious client.
>
> https://github.com/spesmilo/electrum/issues/4968

Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that.

Unfortunately, there is still nothing you can do to recover your coins.

Heydude1
December 27, 2018, 06:33:55 AM
 #10

Quote from: TryNinja
> Quote from: Heydude1
> > That's actually false and I know my version was a real version. I also just saw the comments on their GitHub page. It is coming from malicious servers through the official Electrum client, which prompts a pop-up to download the malicious client.
> >
> > https://github.com/spesmilo/electrum/issues/4968
>
> Yeah. I thought this thread was the older one from the other user and missed the OP. Sorry about that.
>
> Unfortunately, there is still nothing you can do to recover your coins.

I am not worried about that. I use a hardware wallet normally and only use Electrum from time to time for small quick transactions.

I am, however, worried about what all was attached to the bogus client I downloaded. I have wiped anything Electrum-related but feel like I should be wiping my whole drive just in case.
Heydude1
December 27, 2018, 07:40:23 AM
Merited by theymos (10)
 #11

When you download the fake client they must get your seed/password somehow. I wiped the Electrum files, then restored the wallet from seed and put $2 in there and let it sit. They just emptied the wallet again about 30 minutes ago.
bitdaric
December 27, 2018, 01:02:22 PM
 #12

Is the Android version safe? :)
bitcoinfuck
December 27, 2018, 01:05:51 PM
 #13

Quote from: Heydude1
> When you download the fake client they must get your seed/password somehow. I wiped the Electrum files, then restored the wallet from seed and put $2 in there and let it sit. They just emptied the wallet again about 30 minutes ago.

Maybe the UI is doing an HTTP POST request of your seed? Did you do Wireshark? Or can you share the software with me? I can try to run it and find which domains it's connecting to.

asche
December 27, 2018, 01:18:49 PM
 #14

Good catch! Thank you for sharing :)

Edit: was going to report the GitHub repository but it has been closed already.

bL4nkcode
December 27, 2018, 01:19:52 PM
 #15

Threads like this bother me. Luckily, I'm not a fan of downloading an Electrum update in an urgent manner; also, I didn't get any notification when I opened the software.

And I always make a practice of checking the tweets of Electrum's official Twitter account first before doing something; it might not be a good suggestion, but it will help somehow. And I hope there will not be many victims of this incident.

BitHodler
December 27, 2018, 01:55:34 PM
 #16

Quote from: Coding Enthusiast
> The "pop up message" that I posted in OP is appearing in Electrum (the real wallet software). It was a bug that was being exploited where the server can return an error message and it showed up like what you see in your wallet. The error message is returned when you send a transaction.

This is actually very concerning since this isn't the first time Electrum, as a very trusted client, has had some issues to work out. The good thing, however, is that they are pretty quick with patching bugs.

Another clear sign why the Core client is so dominant. It's by far the most secure client out there and people rightfully trust it with everything they have. The only thing is that average Joes don't like running a full node client.

Not sure if and when, but if this continues people might lose confidence in Electrum and ditch it for good. It's a shame since it's one of the better SPV wallets available, but you can't endlessly make headlines like this...

 
MagicByt3
December 27, 2018, 02:04:31 PM
Merited by LoyceV (1)
 #17

Another reason for Full-Validation.
Was only a matter of time before the servers became a point of attack.


<3 Bitcoin
khufuking
December 27, 2018, 02:09:58 PM
 #18

I posted the warning in my local board. I hope everyone can do the same in their own language; I bet we will see a lot of threads about losing Bitcoin with Electrum soon. Please, everyone who has a chance to alert others, please do so.

Lucius
December 27, 2018, 02:21:32 PM
 #19

Quote from: BitHodler
> This is actually very concerning since this isn't the first time Electrum, as a very trusted client, has had some issues to work out. The good thing, however, is that they are pretty quick with patching bugs.

The previous issue was fairly harmless compared to this. For a user to get hacked before version 3.0.5, he needed to have a wallet which was not password-protected and to have this wallet open on a particular web page which can then use this vulnerability to steal the user's funds.

This new issue is far more dangerous because hackers use the original Electrum wallet to trick users into upgrading to a fake wallet. For now this issue is not fixed, and the attack is still being performed. So far 15 (new data say up to 250) BTC has been stolen; the only good thing is that this is happening during the holidays, when many are away from their devices and BTC.

https://bitcointalk.org/index.php?topic=5089945.0

hubballi
December 27, 2018, 02:52:51 PM
Last edit: December 27, 2018, 03:09:15 PM by hubballi
 #20

The hacker has hacked 200 BTC in one wallet and 243 BTC in another wallet and some small amounts of BTC in a lot of wallets, so nearly 500+ BTC has been stolen through this virus, and Electrum is still not able to stop this hacking attack.

https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj - 243 btc

https://www.blockchain.com/btc/address/14MVEf1X4Qmrpxx6oASqzYzJQZUwwG7Fb5 - 200 btc - this has been transferred to above wallet.

So far this is the detail; more I don't know.
