bL4nkcode (OP)
Copper Member
Legendary
January 11, 2019, 10:54:13 AM
Saw this tweet of Electrum hours ago. Please be aware, and be careful.
"Warning: there is an ongoing phishing attack against Electrum users, where rogue servers ask users to install bitcoin-stealing malware. We released version 3.3.2, which mitigates the attack. See https://electrum.org/#download"
Source: https://twitter.com/ElectrumWallet/status/1083334662427164672
Lucius
Legendary
January 11, 2019, 11:36:37 AM
I'm not sure why Electrum gives a warning again since that attack has actually never stopped. Electrum just changed, or as they say mitigates the attack, in the way users see that notification pop-up message. So there is no direct link to the fake wallet download (click link), but the message looks like this:
Some users obviously still fall into this trap and download fake wallets; probably because of that, Electrum reacted again by tweeting that warning.
BitMaxz
Legendary
January 11, 2019, 06:22:41 PM
It seems that the error only shows on the latest version of electrum? I tried the other version but I don't see any error yet.
It looks like only the 3.3.2 version is infected with this attack.
I'm sure that they will release a new version of electrum this coming week and I hope they can inform all Electrum users about this issue before someone installs a fake Electrum wallet.
I already checked the link from the image above; it looks like someone already reported it.
HCP
Legendary
January 12, 2019, 02:21:11 AM
It seems that the error only shows on the latest version of electrum? I tried the other version but I don't see any error yet.
It looks like only the 3.3.2 version is infected with this attack.
It has nothing to do with the version of the Electrum client that you have installed/are using... it all depends on which Electrum server you get connected to. Also, I believe that the message only shows when you attempt to broadcast a transaction. The message is generated and sent by rogue Electrum servers that have been set up and launched by the attackers. They modified the (open source) code, so that regardless of your client and/or how your transaction is set up, the server will automatically return the fake "error" message to your client encouraging you to "upgrade". Then the attackers launched hundreds of servers (using different domains) to increase the odds that a client would get automatically connected to one of their servers. So, if you automatically (or manually) connect to a "good" server, you will never see this message... and if you're connected to a "bad" server, but don't try and broadcast a transaction, you will not see this message either.
pooya87
Legendary
January 12, 2019, 05:04:09 AM
I'm not sure why Electrum gives a warning again since that attack has actually never stopped. Electrum just changed, or as they say mitigates the attack, in the way users see that notification pop-up message.
people aren't upgrading their Electrum just because this bug existed in older versions. there are still people using Electrum 2.x.x versions out there too! so as long as the attack is ongoing some sort of warning on their Twitter page from time to time is a good idea. they may need to stick it on top though.
elda34b
January 12, 2019, 06:47:36 AM
people aren't upgrading their Electrum just because this bug existed in older versions. there are still people using Electrum 2.x.x versions out there too! so as long as the attack is ongoing some sort of warning on their Twitter page from time to time is a good idea. they may need to stick it on top though.
They'll probably need to pin it forever, because it seems these 'bad' servers will continue to exist as long as people still use Electrum. Anyway, this should increase security awareness. For god’s sake, I never understand why people just download and never verify a file from the internet.
Lucius
Legendary
January 12, 2019, 10:39:54 AM
There is currently no way to prevent the appearance of this message through a legitimate Electrum wallet, so every warning is welcome. But the very fact that the vulnerability still exists makes this wallet very risky for any inexperienced user. We can talk about how important it is to always check files before installation, or to never download wallets from an untrusted source - people simply do not pay attention to such things.
I'm not sure if it's technically possible that Electrum use this exploit in a way to show warning message to users, but before any transaction is initiated?
Awkward_Public_Stoner
Newbie
January 12, 2019, 10:54:36 AM
Do we have a list of servers that are safe for sure? Would help because then you could connect manually to those when you get the pop up.
Abdussamad
Legendary
January 12, 2019, 11:21:45 AM
I'm not sure if it's technically possible that Electrum use this exploit in a way to show warning message to users, but before any transaction is initiated?
Well first of all Electrum doesn't show update notifications at all. If it were to start now it'll only muddy the waters even more. Second, the message is by the server you are connected to and the Electrum company doesn't control those servers. If it did then they could simply replace the messages with numerical error codes and then the client could display a limited set of meaningful error messages depending on the error code instead of arbitrary messages from the server. This is the proper fix they talked about. In the meantime the Electron Cash approach might work where they attempt to parse the message from the server and then replace it with a legit error message. Another suggestion was to hide the message from the server under a read more button so that those who actually cared could read it while your regular users won't bother and therefore won't be phished.
Lucius
Legendary
January 12, 2019, 01:39:39 PM (Last edit: January 12, 2019, 01:49:40 PM by Lucius)
Well first of all Electrum doesn't show update notifications at all. If it were to start now it'll only muddy the waters even more
Electrum shows this message in combination with bad servers, and even if Electrum cannot influence such servers, there is still a great deal of responsibility on them. Such a thing should be foreseen and prevented, but instead of that we have hundreds of stolen BTC and confusion that continues to last... You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem. I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still Latest release: Electrum-3.3.2 , even more confusion...?
Do we have a list of servers that are safe for sure? Would help because then you could connect manually to those when you get the pop up.
Nothing is 100% sure, but I found a list of Electrum servers which could help. However, the owner of this site can also be tricked into listing some bad server; it is just for informational purposes. https://1209k.com/bitcoin-eye/ele.php
Abdussamad
Legendary
January 12, 2019, 02:28:13 PM
You posted some of possible solutions, and both would in any case be better than the current situation. It's been 16 days since the attack started, and only fix in that period is mitigation of problem.
You should complain in that issue: https://github.com/spesmilo/electrum/issues/4968
I see there is version of Electrum 3.2.4 (2018-12-31 11:26), but on main page is still Latest release: Electrum-3.3.2 , even more confusion...?
3.2.4 contains a backported version of the phishing attack mitigation for users who can't upgrade to python 3.6. Everyone else should stick to 3.3.2.
paulus59
Newbie
January 12, 2019, 07:04:11 PM
Hello there. Some days ago someone stole my BTC from Electrum wallet after I upgraded from 3.3.1 > to 3.3.2; all my BTC are gone (0.05xxx). But I have decided, after cleaning my computer, to reinstall the new and latest wallet. Now when I installed this I thought, let's see the file structure in that wallet, apart from my wallet.dat folder. This is what I saw: http://i66.tinypic.com/2n0pkq8.jpg
I don't think this is correct. Look at the date stamp of the actual wallet exe file, create day: 11-11-2000 !!???
So, in short, I downloaded from the original website, which is what I always do, then installed it, then I went to the folder and this is what I saw. Please, I need help and advice.
Abdussamad
Legendary
January 13, 2019, 04:55:08 PM
look at your browser history and confirm the url you downloaded Electrum from?
paulus59
Newbie
January 14, 2019, 10:07:18 AM
yes, it is from the original website > http://nl.tinypic.com/r/2njwpc8/9 (image of download history)
I would say check your own folder structure and see if it is the same as my image.
G3nijalac
Member
January 14, 2019, 02:15:03 PM
So what would be the wisest course of action? Just wait until the issue gets fixed and not use the wallet in the meantime?
One important question. Does the transaction go through despite the error msg? Like is the functionality unaffected?
Thanks for info.
Abdussamad
Legendary
January 14, 2019, 06:11:01 PM
So what would be the wisest course of action? Just wait until the issue gets fixed and not use the wallet in the meantime?
One important question. Does the transaction go through despite the error msg? Like is the functionality unaffected?
Thanks for info.
The only thing you need to do is that in the event you get an error message when spending bitcoins try switching servers. Don't download any software that the error message tells you to.
HCP
Legendary
January 18, 2019, 07:19:14 PM
One important question. Does the transaction go through despite the error msg? Like is the functionality unaffected?
To answer this question... As I understand it... No, the transaction does not go through. All the "bad" servers do is throw back the fake error message and encourage the user to download malware. (NOTE: I believe the github repository that it linked to has already been removed) So, as Abdussamad mentioned, simply ignore the error and connect to a different server. If you do that, there is no danger to your wallet or coins from this "attack".
joele
Legendary
January 25, 2019, 03:48:36 AM
Old Electrum 2.9.3 and selected server node 'b.ooze.cc' still works for me.
Lucius
Legendary
January 25, 2019, 10:41:32 AM
joele, older versions still work, but there are problems with synchronization and with security. You should not use any version under 3.0.5 because of a security problem which is fixed with this version. Also it is good practice to always use the latest version; your version is too old and it is not safe.
# Release 3.0.4 : (Security update)
* Fix a vulnerability caused by Cross-Origin Resource Sharing (CORS) in the JSONRPC interface. Previous versions of Electrum are vulnerable to port scanning and deanonimization attacks from malicious websites. Wallets that are not password-protected are vulnerable to theft.
* Bundle QR scanner with Android app
* Minor bug fixes
# Release 3.0.5 : (Security update)
This is a follow-up to the 3.0.4 release, which did not completely fix issue #3374. Users should upgrade to 3.0.5.
* The JSONRPC interface is password protected
* JSONRPC commands are disabled if the GUI is running, except 'ping', which is used to determine if a GUI is already running
https://github.com/spesmilo/electrum/blob/master/RELEASE-NOTES
pooya87
Legendary
finally it is fixed in the newest version 3.3.3 reference: https://github.com/spesmilo/electrum/pull/5011/files
it uses the same approach as the electronBCH approach that takes the message, analyzes it and then translates that into predefined messages instead of showing whatever the server sent. that should solve this issue for good. if the server sends you a malicious message you should see "Unknown error" instead of it.
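The approach discussed in this thread (Abdussamad's post on replacing arbitrary server messages, and pooya87's note on 3.3.3), sketched as an added example; it is not Electrum's or Electron Cash's code. The function names, the reject-reason table and the sample replies are assumptions constructed for illustration.

```python
import json

# Client-owned messages. Keys are reject-reason substrings used by Bitcoin Core;
# this table is an illustrative subset chosen for the example.
KNOWN_REJECTS = {
    "min relay fee not met": "The fee is below the server's minimum relay fee.",
    "insufficient fee": "The fee is too low to replace the earlier transaction.",
    "dust": "An output is too small to be relayed (dust).",
    "txn-mempool-conflict": "A conflicting transaction is already in the mempool.",
    "bad-txns-inputs-missingorspent": "An input is missing or already spent.",
}
UNKNOWN = "Unknown error"


def sanitize_server_error(server_text):
    """Return a predefined message; server text is matched, never displayed."""
    if not isinstance(server_text, str):
        return UNKNOWN
    lowered = server_text.lower()
    for token, safe_message in KNOWN_REJECTS.items():
        if token in lowered:
            return safe_message
    return UNKNOWN


def message_for_broadcast_reply(raw_line):
    """Map one JSON-RPC reply line from a server to the text the GUI may show."""
    try:
        reply = json.loads(raw_line)
        error = reply.get("error")
    except (ValueError, TypeError, AttributeError):
        return UNKNOWN
    if error is None:
        return None  # no error reported, nothing to display
    text = error.get("message") if isinstance(error, dict) else error
    return sanitize_server_error(text)


# Constructed sample replies (not captured traffic).
PHISH = json.dumps({"id": 7, "error": {"code": 1, "message":
    "Outdated wallet. Download the security update from https://update.example.invalid"}})
MIXED = json.dumps({"id": 8, "error": {"code": 1, "message":
    "dust - to fix this install the patch from https://update.example.invalid"}})
HONEST = json.dumps({"id": 9, "error": {"code": 1, "message":
    "the transaction was rejected by network rules.\n\n66: min relay fee not met"}})

if __name__ == "__main__":
    for line in (PHISH, MIXED, HONEST, "not json"):
        print(message_for_broadcast_reply(line))
```

The `MIXED` case is the one to watch: a reply that contains a recognised reason plus attacker text still yields only the client's own string, because nothing the server sent is ever interpolated into the output.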