Bitcoin Forum
Author Topic: Bitcoin stolen. Electrum exploit / phishing  (Read 369 times)
xtraelv (OP)
December 28, 2018, 08:28:02 AM
Merited by eternalgloom (1)
 #1

Initially reported on Reddit, it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote
Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their electrum wallet.

Updates do not require a user to enter their 2FA.


https://github.com/spesmilo/electrum/issues/4968

Quote
There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum



Quote
There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message




bitbunnny
December 28, 2018, 08:42:23 AM
 #2

Unfortunately such attacks are very common and you can't be careful enough so it's good to use every possible protection you can implement. Hackers are very active and will always misuse any vulnerability they find.
In this case they've taken a really nice sum of Bitcoin and there is nothing that could be done about it.

xtraelv (OP)
December 28, 2018, 09:07:47 AM
 #3

Quote
Unfortunately such attacks are very common and you can't be careful enough so it's good to use every possible protection you can implement. Hackers are very active and will always misuse any vulnerability they find.
In this case they've taken a really nice sum of Bitcoin and there is nothing that could be done about it.

Yes it is unfortunate. Awareness reduces victims.

Electrum generally is a good product. There is a lot to be learned from exploits.

Where this phishing is unique is that it is prompted by a visit to the genuine site. So it is an Electrum server exploit prompting users to be phished.

squatter
December 28, 2018, 09:24:07 AM
Merited by xtraelv (1)
 #4

There's a few harsh lessons to unpack here.

When downloading a new wallet release, make sure you're on the genuine site. In this case, it was a fake Github repository. The official Github wasn't compromised, nor was electrum.org.

Next, always verify the release signature. This is how to do that for Electrum. I would also recommend using Electrum as an offline wallet for additional security.

luispitchler
December 28, 2018, 09:29:26 AM
 #5

no wonder there is a warning when i opened my account.  these hackers are one of the reasons why people lose their confidence with crypto... something ought to be done about this. really sad.
eternalgloom
December 28, 2018, 09:52:56 AM
 #6

Thanks for sharing it here, I definitely would have missed this news, since I barely visit Reddit any more.
Luckily I only use Electrum to receive small amounts, but it would have sucked if I'd fallen for this.

It prompted me to check out the official Electrum Github page, just so I can memorize that account.

Regardless, I think I'll just always download the binaries from their official website and update manually.

hatshepsut93
December 28, 2018, 10:15:19 AM
 #7

From the article in the original post:

" A litany of concerned users are reporting their wallets have suddenly been drained out – without any notification or action on their side."

This is bullshit, people who lost their coins were tricked into downloading and running a malicious client.

"When entering a login and password, the site steals funds from user accounts."

The site is github, it doesn't steal anything. The theft occurs after victims open their Bitcoin wallet files with their new malicious wallets.


jhenfelipe
December 28, 2018, 01:31:10 PM
Last edit: December 28, 2018, 01:42:00 PM by jhenfelipe
 #8

theymos posted about it too yesterday to warn Electrum users. The News/announcement is still there, above the main menu bar.
Quote
News: ♦ Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them. More info


Big problem that the error message pops out inside the official Electrum wallet. Probably, there are people who will be deceived.
ivannalog814
December 28, 2018, 01:45:12 PM
 #9

I think in our time it has become the norm, as such things happen very often. I personally have faced phishing and it is unpleasant maturing. Be careful, friends; losing money is always very painful.

Lizzylove1
December 28, 2018, 02:31:09 PM
 #10

I read this yesterday on reddit, this is pathetic, this is part of why many still fear investing in Crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers' wallet should be monitored and possibly traced for a possible final sell-off regardless of the time frame.

xtraelv (OP)
December 29, 2018, 10:48:03 AM
 #11

Quote
I read this yesterday on reddit, this is pathetic, this is part of why many still fear investing in Crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers' wallet should be monitored and possibly traced for a possible final sell-off regardless of the time frame.

Hackers' wallets are monitored. There are several projects doing that.

DooMAD
December 29, 2018, 11:25:20 AM
 #12

It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them. 

shamc
December 29, 2018, 12:09:02 PM
 #13

I use Electrum but haven't opened it for a while; luckily I did not use it yesterday, otherwise I might have been tempted to update it as instructed. Good to know about this particular scam, I'll be wary of it for future attacks.

xtraelv (OP)
December 29, 2018, 08:07:00 PM
 #14

Quote
It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them.

It is terrible for those that were victims of the attacks but I do view what is currently happening as "beta testing".

If we learn lessons from it and better the code and security protocols then it wasn't lost without something being gained from it.

South Park
December 29, 2018, 10:52:17 PM
 #15

Quote
no wonder there is a warning when i opened my account.  these hackers are one of the reasons why people lose their confidence with crypto... something ought to be done about this. really sad.

The only thing that you can do to protect yourself is to keep your eyes open to anything that seems suspicious, because if you fall for a trick like this there is no way to recover your bitcoin. While bitcoin gives us the power of being banks, this also means that you have the responsibility of securing your coins as if you were your own bank, so if possible store most of the coins that you have in cold storage so this doesn't happen to you.

jjjfff
December 29, 2018, 11:19:22 PM
 #16

Quote
I read this yesterday on reddit, this is pathetic, this is part of why many still fear investing in Crypto. My question is how do we keep this community from hackers or make it more difficult for hackers. I believe the hackers' wallet should be monitored and possibly traced for a possible final sell-off regardless of the time frame.

Quote
Hackers' wallets are monitored. There are several projects doing that.

What are the hacker addresses?

pooya87
December 30, 2018, 02:56:00 AM
 #17

Quote
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

this has a very tricky wording!
users are NOT redirected anywhere. instead they are simply shown a message that is encouraging them to click a malicious link. since that link is inside their wallet application they don't think it is malicious and click it, then they are "redirected" to where the malicious app is which they have to download and install to steal their coins.

geminiboy
December 30, 2018, 03:09:10 AM
 #18

Electrum is free software, with many crypto users interested in using it so hackers learn hard to hack it, I think this will continue to take the toll of Electrum users who don't read the news about this, hoping that Electrum will quickly improve the security system better and unique

Initscri
December 30, 2018, 03:24:38 AM
 #19

Quote
Electrum is free software, with many crypto users interested in using it so hackers learn hard to hack it, I think this will continue to take the toll of Electrum users who don't read the news about this, hoping that Electrum will quickly improve the security system better and unique

Be careful to say hack in the conventional term. This was basically a phishing/social engineering attack, nothing more. It's not like the attackers were able to get crypto w/o the action of the individual owning the account.

I put 50% on the users who failed to understand how to complete due diligence w/ their downloading, and 50% on Electrum devs for failing to see how allowing server admins to send messages out to Bitcoin users could have been abused.

Maestro75
December 30, 2018, 03:34:19 AM
 #20

Quote
theymos posted about it too yesterday to warn Electrum users. The News/announcement is still there, above the main menu bar.
Quote
News: ♦ Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them. More info

Big problem that the error message pops out inside the official Electrum wallet. Probably, there are people who will be deceived.

Early this year too there was an attack on Electrum and a warning was pinned here by Theymos or some guy. It was at that point I stopped using that app. I had to be sure my little satoshi was safe than sorry. Electrum should fix this hacking problem to save its reputation.
thesmallgod
December 30, 2018, 12:34:32 PM
 #21

Electrum wallet is too vulnerable to hacking. Almost every year we hear bad news like this about the wallet. The team should look for reliable security means to protect users.
SistaFista
December 31, 2018, 02:30:29 AM
 #22

Yeah, it was happening recently. I wonder why the Electrum wallet can give a rich text warning to users even from an untrusted server.
I read the article; hackers set up several servers so they can catch their victims with a higher chance.
On the last update of the Electrum wallet, I read that the hackers cannot pop up the rich text warning anymore. Any update now?

pooya87
December 31, 2018, 03:46:01 AM
 #23

Quote
On the last update of the Electrum wallet, I read that the hackers cannot pop up the rich text warning anymore. Any update now?

the link that the attacker was pushing to clients to fool them was on github, which was reported and removed the same exact day. i haven't heard of any change or new link popping up yet so basically it was over the same day i think.
as for the update, the new versions still can show you the malicious message if the server sends you one but it won't be formatted anymore. so you won't see a "link", instead it will be a messy text with its markups.

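What the change described in post #23 amounts to on the client side, as an added example that is not part of the thread and not Electrum's own code: text from an untrusted server is flagged, shortened and escaped before it reaches a rich-text widget. The JSON-RPC reply shapes, the function names and the 120-character cap are assumptions, and the sample replies are constructed.

```python
import html
import json
import re

MAX_LEN = 120  # assumed cap on how much untrusted server text is shown
TAG_RE = re.compile(r"<[^>]{1,200}>")                 # anything shaped like markup
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")  # anything shaped like a link
CTRL_RE = re.compile(r"[\x00-\x1f\x7f]+")             # newlines, tabs, other controls


def extract_error_text(raw_reply):
    """Return the error text of a JSON-RPC style reply, or None if it has no error."""
    try:
        reply = json.loads(raw_reply)
    except ValueError:
        return "malformed reply"
    if not isinstance(reply, dict) or reply.get("error") is None:
        return None
    err = reply["error"]
    # Assumption: the error is either a bare string or an object with "message".
    if isinstance(err, dict):
        err = err.get("message", "")
    return str(err)


def render_untrusted_error(raw_reply):
    """Build the text a wallet GUI could show for a server-supplied error."""
    text = extract_error_text(raw_reply)
    if text is None:
        return None
    reasons = []
    if TAG_RE.search(text):
        reasons.append("markup")
    if URL_RE.search(text):
        reasons.append("url")
    flat = CTRL_RE.sub(" ", text).strip()
    if len(flat) > MAX_LEN:
        flat = flat[:MAX_LEN] + "..."
        reasons.append("truncated")
    # Escaping makes a rich-text widget show the markup literally, so a link
    # in the server's text is never rendered as something clickable.
    safe = html.escape(flat, quote=True)
    return {"display": "Server error (untrusted text): " + safe, "reasons": reasons}


# Constructed sample replies; example.invalid is a reserved placeholder domain.
PHISH_REPLY = json.dumps({"jsonrpc": "2.0", "id": 7, "error": {"code": 1, "message":
    "<b>Update required.</b> Get it at "
    "<a href='https://example.invalid/fake'>https://example.invalid/fake</a>"}})
PLAIN_REPLY = json.dumps({"jsonrpc": "2.0", "id": 8, "error": "missing inputs"})
OK_REPLY = json.dumps({"jsonrpc": "2.0", "id": 9, "result": "ab" * 32})

if __name__ == "__main__":
    for raw in (PHISH_REPLY, PLAIN_REPLY, OK_REPLY):
        print(render_untrusted_error(raw))
```

The `reasons` list lets a client go one step further than escaping, for example by replacing any server text that contains markup or a link with a fixed, client-authored message.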
Teamfearless
December 31, 2018, 04:58:51 AM
 #24

I think it's time for us to raise awareness of all these hacking tips and tricks. A lot of people are afraid to join the crypto race because of all these hackers, and every team must strengthen their security features so that newbies and beginners can't lose the coins.

squatter
December 31, 2018, 08:22:33 AM
 #25

Quote
It's unconscionable that someone would deliberately target a client favoured by casual users.  It's difficult enough to get people involved with Bitcoin even when there aren't hackers trying to take advantage of them.

It's upsetting, but unfortunately we should expect it from a rational point of view. Casual users are less likely to have strong security protocols and more likely to fall for social engineering attacks like this. For most people, malware has never carried great consequences -- Bitcoin is changing that in a big way. Finding a balance between user-friendliness and security is really hard.

funchiestz
December 31, 2018, 08:31:18 AM
 #26

Quote
Initially reported on Reddit, it is now mainstream news:

https://www.financemagnates.com/cryptocurrency/news/hackers-steal-250-btc-from-electrum-bitcoin-wallets/

Quote
Hackers Steal 250 BTC from Electrum Bitcoin Wallets
When the user opens his wallet app, he will be redirected to download a fake update created by scammers.

The official Electrum Github confirms the exploit / phishing attack.

The user appears to connect via the genuine wallet and is prompted to upload a fake "update". As part of the "update" they are prompted to enter their 2FA code. This is then used by the attackers to empty their electrum wallet.

Updates do not require a user to enter their 2FA.


https://github.com/spesmilo/electrum/issues/4968

Quote
There is an ongoing attack against users where servers raise exceptions when a client broadcasts a transaction; in this case the error text is displayed as is in the client GUI. The attacker has spawned lots of servers on different /16 IPv4s to increase his chances of being connected to. The error messages are trying to get the user to download and install malware (disguised as updated versions of electrum



Quote
There wasn't really any extra information given, however most likely the following happened:

user was using legitimate electrum client
connected to an electrum server operated by the attacker
user tried to broadcast a txn
server replied with an error containing the above rich text message





There has been a lot of news about Electrum recently. I guess it's expected to happen. But this time the figure is very serious.

And there is a warning on BTT News you can look at it: https://bitcointalk.org/index.php?topic=5090097.0

(From BTT:  Users of Electrum and similar: ignore any messages you receive from Electrum, and do not follow any links within them.)