Bitcoin Forum
September 27, 2021, 02:24:32 AM *
Author Topic: There has been an increased number of "fake" electrums out there, be careful.  (Read 1803 times)
Chandu141
Sr. Member
Activity: 368
Merit: 250
Your Campaign Manager!
December 27, 2018, 03:52:22 PM
#21

Looks like the exploit is over and all the funds stolen from three servers were transferred to the explorer's main wallet, which shows about 243.5 BTC
https://www.blockchain.com/btc/address/1MkM9Q6xo5AHZkLv2sTGLYb3zVreE6wBkj

Maybe more incoming may appear, but I am suspecting this is their bank address.

Coding Enthusiast
Legendary
Activity: 985
Merit: 1998
Bitcoin and C♯ Enthusiast
December 27, 2018, 04:16:10 PM
#22

Another reason for Full-Validation, 
Was only a matter of time before the servers became a point of attack.

This has nothing to do with being an SPV client. It is about the implementation (software) having a flaw that was exploited and it can happen to any software whether it is a full node or an SPV one.
The weakness was in a "feature" in Electrum where the server you connect to can send you a well formatted message (containing a link like the posted screenshot for example).

It may not be completely similar but Bitcoin-Core's alert system comes to mind which was a point of weakness that could be exploited in a similar fashion. That is removed now.

squatter
Legendary
Activity: 1666
Merit: 1187
STOP SNITCHIN'
December 27, 2018, 06:35:05 PM
#23

Thanks so much for the warning, Coding Enthusiast.

Just to clarify, we're safe as long as we don't follow the link and download the software, correct? Is there any danger if you use a watching-only/offline signing setup?

HCP
Legendary
Activity: 1820
Merit: 3859
<insert witty quote here>
December 27, 2018, 07:04:57 PM
#24

Just to clarify, we're safe as long as we don't follow the link and download the software, correct? Is there any danger if you use a watching-only/offline signing setup?
That is correct.

The current client itself is "safe"... This is a social engineering exploit that was abusing a "feature" within the Electrum client to try and trick users into downloading a malicious version of the client. The attack requires you to download and run the malicious software to steal your coins.

So, if you are currently using the client from https://electrum.org/#download and have not downloaded or installed the "fake" client that was being promoted in this attack, you will be OK.

kano
Legendary
Activity: 3612
Merit: 1465
Linux since 1997 RedHat 4
December 27, 2018, 09:23:16 PM
#25

So ... since the hack is provided by github, can you blame Microsoft for it?

kano
Legendary
Activity: 3612
Merit: 1465
Linux since 1997 RedHat 4
December 27, 2018, 09:53:32 PM
#26

...
It may not be completely similar but Bitcoin-Core's alert system comes to mind which was a point of weakness that could be exploited in a similar fashion. That is removed now.
I'm pretty sure no security expert would call them similar since core required a security key ...

Heydude1
Newbie
Activity: 10
Merit: 10
December 27, 2018, 10:07:57 PM
#27

So ... since the hack is provided by github, can you blame Microsoft for it?

The electrum-projects one was actually verified by github and had the green verified logo next to it. That is another factor that led to me downloading it.

I emailed them about that and got no response.
HCP
Legendary
Activity: 1820
Merit: 3859
<insert witty quote here>
December 28, 2018, 12:22:54 AM
#28

The electrum-projects one was actually verified by github and had the green verified logo next to it. That is another factor that led to me downloading it.
What is this "verified logo"? Huh

I don't recall ever seeing any Github repo that has a "verified by github" logo attached to it? Even the official Electrum repo here doesn't seem to have any verified logo? Huh

Coding Enthusiast
Legendary
Activity: 985
Merit: 1998
Bitcoin and C♯ Enthusiast
December 28, 2018, 04:05:16 AM
#29

I emailed them about that and got no response.
It took them about half a day to respond but I've gotten the answer to my report and now the account and the page are both removed from GitHub.

The electrum-projects one was actually verified by github and had the green verified logo next to it. That is another factor that led to me downloading it.
What is this "verified logo"? Huh

I don't recall ever seeing any Github repo that has a "verified by github" logo attached to it? Even the official Electrum repo here doesn't seem to have any verified logo? Huh
"Verified" simply means that the commit in that repository was signed. It can be when you commit things through the webpage when signed in, so they are signed with GitHub's key, or if you use git (for example I push commits from Visual Studio) you have to either sign them with a PGP key or they are not marked as verified.
This doesn't mean much though!
https://help.github.com/articles/managing-commit-signature-verification/
An example: https://i.imgur.com/lWER7ZL.jpg

hatshepsut93
Legendary
Activity: 2016
Merit: 1592
December 28, 2018, 05:24:54 AM
Merited by Coding Enthusiast (2)
#30

What we can learn from this attack to avoid something similar in the future:

1. Read everything very-very carefully, especially things like links to websites, repositories, etc. Always verify the signatures of the developers.

2. Don't panic, don't immediately rush to follow some instructions. Instead, check the official website, official repository, this forum for more details regarding the issue.

3. If you are simply holding coins in cold storage (as opposed to running a business, for example), you'll be safe from the majority of potential attacks. This means you have more time to wait for more details regarding the issue.

4. Be slightly suspicious of all patches and hotfixes, there's always some risk that developers or their accounts and private keys were compromised. Again, carefully study the issue before acting.





Retina
Member
Activity: 252
Merit: 59
December 28, 2018, 07:23:09 AM
#31

I lost 2 BTC ( 35k$ ) last year because of Electrum got hacked and I have downloaded fake wallet.
do not use Electrum people
I do not understand that if you're a little careful then how is it possible because things are so trustworthy, how can it be hacked without your negligence, you should use a good quality anti-virus & while installing something else.
Rayser
Newbie
Activity: 17
Merit: 2
December 28, 2018, 08:43:12 AM
#32

I lost 2 BTC ( 35k$ ) last year because of Electrum got hacked and I have downloaded fake wallet.
do not use Electrum people
I do not understand that if you're a little careful then how is it possible because things are so trustworthy, how can it be hacked without your negligence, you should use a good quality anti-virus & while installing something else.
Anti-virus won't help you.

Better if you install Linux and check the PGP signature of your Electrum download.
asche
Legendary
Activity: 1358
Merit: 1477
I forgot more than you will ever know.
December 28, 2018, 08:54:45 AM
#33

Better if you install Linux and check the PGP signature of your Electrum download.

You don't need Linux to do that. You can do it with Windows just fine.
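
What posts #29 to #33 come down to, as an added example (not code from the thread or from the Electrum project): a signature check only means something when the signer's fingerprint is compared with one obtained independently, because a fake release or a "Verified" commit is validly signed too, just by someone else's key. The fingerprints, helper names and status lines below are constructed for illustration; the parsing assumes GnuPG's `--status-fd` output format.

```python
import subprocess

# Constructed fingerprints for illustration only; neither is a real key.
PINNED_FPR = "AAAA BBBB CCCC DDDD EEEE  FFFF 0000 1111 2222 3333"  # obtained out-of-band
OTHER_FPR = "9" * 40  # some other key that also produces valid signatures


def norm(fpr):
    """Fingerprints are printed with spaces and mixed case; compare canonically."""
    return "".join(fpr.split()).upper()


def status_records(status_text):
    """Split gpg --status-fd output into (keyword, args) pairs."""
    records = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            records.append((parts[1], parts[2:]))
    return records


def signed_by_pinned(status_text, pinned_fpr):
    """True only if a valid signature was made by the pinned primary key."""
    records = status_records(status_text)
    # Policy choice of this example: any bad or revoked-key signature fails.
    if any(kw in ("BADSIG", "REVKEYSIG") for kw, _ in records):
        return False
    # VALIDSIG args: <fpr> <date> <ts> <expire> <ver> <reserved> <pk-algo>
    # <hash-algo> <sig-class> <primary-key-fpr>; the last one is what we pin.
    signers = {norm(a[-1]) for kw, a in records if kw == "VALIDSIG" and len(a) >= 10}
    return norm(pinned_fpr) in signers


def verify_file(sig_path, file_path, pinned_fpr):
    """Run gpg on a detached signature and apply the pin (needs gpg installed)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return signed_by_pinned(proc.stdout, pinned_fpr)


def sample_status(fpr, keyword="GOODSIG"):
    """Constructed status output, shaped like gpg's, for a signature by `fpr`."""
    f = norm(fpr)
    lines = [f"[GNUPG:] {keyword} {f[-16:]} Constructed Signer <signer@example.invalid>"]
    if keyword == "GOODSIG":
        lines.append(f"[GNUPG:] VALIDSIG {f} 2018-12-27 1545868800 0 4 0 1 8 00 {f}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # A fake release is validly signed too, just not by the pinned key.
    print("pinned key:   ", signed_by_pinned(sample_status(PINNED_FPR), PINNED_FPR))
    print("other key:    ", signed_by_pinned(sample_status(OTHER_FPR), PINNED_FPR))
    print("bad signature:", signed_by_pinned(sample_status(PINNED_FPR, "BADSIG"), PINNED_FPR))
```

The same script runs unchanged on Linux and Windows as long as `gpg` is on the path; `verify_file` is the only part that touches it.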

Lucius
Legendary
Activity: 2282
Merit: 2690
Si Vis Pacem, Para Bellum
December 28, 2018, 10:54:37 AM
#34

I lost 2 BTC ( 35k$ ) last year because of Electrum got hacked and I have downloaded fake wallet.
do not use Electrum people

Electrum did not get hacked as you say, some people just take advantage of the Google AdWords service and run advertising campaigns with fake Electrum sites. You use the Google search engine to find the Electrum site and then click on the first results you get; in most cases this was a fake site. So you lost 2 BTC just because you did not pay attention to where you downloaded the wallet from; even a simple adblock in the browser would stop you from seeing such a site.

What we can learn from this attack to avoid something similar in the future...

Some people just never learn, and regardless of what is happening right now they will lose money again. However this scam is very ingeniously conducted by using original Electrum wallet, and for most less experienced users it turned out to be a perfect trap.

I have to admit that after this Electrum can no longer be considered a safe wallet; this cheap trick should have been foreseen and stopped a long time ago. I just wonder how many more exploits are still in Electrum and will be used one day against users?

hatshepsut93
Legendary
Activity: 2016
Merit: 1592
December 28, 2018, 11:31:25 AM
#35

Some people just never learn, and regardless of what is happening right now they will lose money again. However this scam is very ingeniously conducted by using original Electrum wallet, and for most less experienced users it turned out to be a perfect trap.

This is why it's wrong to blame the victims. People here so often say "it's your own fault for downloading fake wallet", but it only means that Bitcoin's user experience is not yet ready for mass adoption. I can easily imagine my friends or relatives losing their coins to this attack or some of the previous attacks.


I have to admit that after this Electrum can no longer be considered a safe wallet; this cheap trick should have been foreseen and stopped a long time ago. I just wonder how many more exploits are still in Electrum and will be used one day against users?

Perhaps other wallets have many vulnerabilities too, and Electrum gets attacked more frequently because it's very popular. But I'm going to stop using Electrum if the next vulnerability will be critical or if Core will get a decent GUI.





vv181
Hero Member
Activity: 1120
Merit: 513
December 28, 2018, 12:32:16 PM
#36

Some people just never learn, and regardless of what is happening right now they will lose money again. However this scam is very ingeniously conducted by using original Electrum wallet, and for most less experienced users it turned out to be a perfect trap.

This is why it's wrong to blame the victims. People here so often say "it's your own fault for downloading fake wallet", but it only means that Bitcoin's user experience is not yet ready for mass adoption. I can easily imagine my friends or relatives losing their coins to this attack or some of the previous attacks.

UX design is still the main problem in the cryptocurrency scene; we can't blame the developer for it since it's still a brand new revolutionary technology that is still improving on a major core system (LN, etc.). But I believe the mainstream could help improve the cryptocurrency ecosystem by improving the usability and accessibility of cryptocurrency software.

Besides the UX design, the user must also realize the state of the current problem; they need to educate themselves, and recheck any critical information that could compromise their wallet.

AdolfinWolf
Legendary
Activity: 1778
Merit: 1409
peace and love, peace and love
December 28, 2018, 12:34:08 PM
#37

The electrum-projects one was actually verified by github and had the green verified logo next to it. That is another factor that led to me downloading it.
What is this "verified logo"? Huh

I don't recall ever seeing any Github repo that has a "verified by github" logo attached to it? Even the official Electrum repo here doesn't seem to have any verified logo? Huh
Hmm.

Maybe he is referring to the {VERIFIED} tag that is next to some accounts of prominent companies such as AirBNB et al..? -- https://github.com/airbnb


You're right though, even https://github.com/spesmilo doesn't have that..  Undecided I really doubt that a random repo would get that.

daianapotter
Full Member
Activity: 419
Merit: 100
December 28, 2018, 01:42:01 PM
#38

Some people just never learn, and regardless of what is happening right now they will lose money again. However this scam is very ingeniously conducted by using original Electrum wallet, and for most less experienced users it turned out to be a perfect trap.

This is why it's wrong to blame the victims. People here so often say "it's your own fault for downloading fake wallet", but it only means that Bitcoin's user experience is not yet ready for mass adoption. I can easily imagine my friends or relatives losing their coins to this attack or some of the previous attacks.


I have to admit that after this Electrum can no longer be considered a safe wallet; this cheap trick should have been foreseen and stopped a long time ago. I just wonder how many more exploits are still in Electrum and will be used one day against users?

Perhaps other wallets have many vulnerabilities too, and Electrum gets attacked more frequently because it's very popular. But I'm going to stop using Electrum if the next vulnerability will be critical or if Core will get a decent GUI.

If people that know a little about bitcoin got their coins gone... imagine how it will be with "normal" people. Bitcoin and crypto had a long way to go.

xenon131
Legendary
Activity: 1554
Merit: 1004
making something real from dark matter
December 28, 2018, 02:22:10 PM
#39

Hi to all, I've shared the phishing warning with the Russian-speaking community, but I have a question whether the hardware-based clients (like Ledger Nano S) are vulnerable to such kind of attack? Basically they're light clients and rely on third-party servers.

AdolfinWolf
Legendary
Activity: 1778
Merit: 1409
peace and love, peace and love
December 28, 2018, 06:38:49 PM
#40

Hi to all, I've shared the phishing warning with the Russian-speaking community, but I have a question whether the hardware-based clients (like Ledger Nano S) are vulnerable to such kind of attack? Basically they're light clients and rely on third-party servers.

I believe (someone should correct me if I'm wrong, since I am far from an expert on hardware wallets) all transactions made on a Ledger Nano S are done through their own servers, which are owned by no one but the corporation behind Ledger Nano S, so chances that this will happen on their devices/Chrome app seem rather slim.

(They'd have to be the ones sabotaging their own servers, which wouldn't make any sense..?)



