Bitcoin Forum
Topic: 2 weird happening now in ELECTRUM WALLET. (calling all devs from electrum)
SuperInvestor
Jr. Member
*
Offline Offline

Activity: 46
Merit: 2


View Profile
February 02, 2019, 08:40:38 AM
Merited by bones261 (1)
 #1

First of all, Electrum is AGAIN under attack. As what they said the last time, the phishing won't happen again, and it does. As of now, yes, mine is being attacked/phished by someone. BUT because I always ignore all notifications that say to update from here https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!), my funds are not stolen BUT frozen in this wallet.

1. I received this notification telling me to update the wallet many times today: https://prnt.sc/mfkul1, so I can't even send any transactions out of the wallet right now.

2. I kept calm, deleted that wallet, and downloaded an updated one FROM https://electrum.org/#download, and after updating the wallet I still can't send my funds out https://prnt.sc/mfky6f .

PS: I have experienced this kind of attack before, as I created a topic for it https://bitcointalk.org/index.php?topic=5089945.msg48903952#msg48903952 . And yet, I am still using it, because I believe that Electrum wallet is the most secure bitcoin wallet. Please, also on behalf of all users who experienced this, help us know what's happening, what to do and how to avoid it.

Calling all developers from Electrum, please respond below with how to fix this and why this is happening.

Thanks.
 
HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 02, 2019, 09:35:42 AM
Merited by bones261 (2)
 #2

Did you follow the instructions and try connecting to a different server? Huh

The "unknown error" is the expected behaviour if you are on at least version 3.3.3 (the current version at this time), but you are connected to a "bad" server that is attempting to send you the fake error messages about updating to the malware version.

To correct this error, you simply need to connect to a different server. Open the network settings using "Tools -> Network" (or simply click the green dot in the bottom right corner). Click the "Server" tab and select one other than what you are currently using. You need to uncheck the "Select Server Automatically" box, then right click on a server in the list and select "use as server". Try different ones until you find one that isn't giving you an error.

For reference, I am currently using:
server: dedi.jochen-hoenicke.de
port: 50002

NOTE: jochen-hoenicke.de is a fairly well known and reputable site... he has the mempool stats that people use for checking fees etc: https://jochen-hoenicke.de/queue/#0,24h

The electrum.hsmiths.com server is generally fairly reliable as well.

nc50lc
Full Member
***
Offline Offline

Activity: 504
Merit: 201


Self-proclaimed Genius ㊙️


View Profile WWW
February 02, 2019, 10:57:18 AM
 #3

Try not to use the wallet file that the Fake Electrum has generated.
Instead, restore it to the Original version via SEED. You may also need to scan the whole computer for possible malware installed by the fake version, if there's any.

The reason for this is: even the real Electrum introduces a small backward-incompatibility issue in the wallet file after changing the version (like v3.3.3 to older versions). The Fake version also has write access to your files and must have tinkered with your wallet file somehow.

joniboini
Sr. Member
****
Offline Offline

Activity: 476
Merit: 848


bit.do/bountyrecommendation


View Profile WWW
February 02, 2019, 12:03:42 PM
 #4

Try not to use the wallet file that the Fake Electrum has generated.
Instead, restore it to the Original version via SEED. You may also need to scan the whole computer for possible malware installed by the fake version, if there's any.

If I understand it correctly, OP already did delete the old wallet and start from the beginning but when he tried to make a transaction the error comes out because he's connected to a bad server. So here's what happens: he used an old version of Electrum which connected to a bad server and failed to make a transaction. After that, he downloaded a new Electrum (the legit one) and tried to use it but it fails again because he's still connected to a bad server.

nc50lc
Full Member
***
Offline Offline

Activity: 504
Merit: 201


Self-proclaimed Genius ㊙️


View Profile WWW
February 02, 2019, 01:12:05 PM
 #5

If I understand it correctly, -snip-
For me, he clearly stated that he deleted the executable, the fact that he said "that wallet" and "downloaded an updated one" means it's the fake Electrum version.

Aside from that, I'm pretty sure that Electrum always changes the server in every relaunch if your wallet is configured to "choose automatically" (default) and the chance that it will select the "bad server" is pretty slim. So I'd say, there's something fishy going on his side.
Plus, aside from him, there's no one else here who experienced unsendable bitcoins due to a "bad server", pretty much an isolated case.

If changing server didn't work, he can try my advice.

TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 02, 2019, 01:35:33 PM
 #6

If I understand it correctly, -snip-
For me, he clearly stated that he deleted the executable, the fact that he said "that wallet" and "downloaded an updated one" means it's the fake Electrum version.

Aside from that, I'm pretty sure that Electrum always changes the server in every relaunch if your wallet is configured to "choose automatically" (default) and the chance that it will select the "bad server" is pretty slim. So I'd say, there's something fishy going on his side.
Plus, aside from him, there's no one else here who experienced unsendable bitcoins due to a "bad server", pretty much an isolated case.

If changing server didn't work, he can try my advice.
He literally said “downloaded an updated one FROM electrum.org”; you just cut that part off for some reason.

He also said:

Quote
I always ignore all notifications that say to update from here https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!) so my funds are not stolen BUT frozen in this wallet.

Sounds pretty obvious that he didn’t download the fake wallet.

Also, chances of getting two infected servers in a row aren’t “pretty slim”, I actually got the same server two times in a row once and had to change it manually.

OP: do like the other users said and try selecting a trusted server manually.

Abdussamad
Legendary
*
Offline Offline

Activity: 2016
Merit: 1110



View Profile WWW
February 02, 2019, 02:06:12 PM
Last edit: February 02, 2019, 08:11:50 PM by Abdussamad
 #7

Try not to use the wallet file that the Fake Electrum has generated.

Try reading what he wrote. He never installed fake electrum.

OP just change servers like HCP said.

SuperInvestor
Jr. Member
*
Offline Offline

Activity: 46
Merit: 2


View Profile
February 02, 2019, 06:53:59 PM
 #8

Did you follow the instructions and try connecting to a different server? Huh

The "unknown error" is the expected behaviour if you are on at least version 3.3.3 (the current version at this time), but you are connected to a "bad" server that is attempting to send you the fake error messages about updating to the malware version.

To correct this error, you simply need to connect to a different server. Open the network settings using "Tools -> Network" (or simply click the green dot in the bottom right corner). Click the "Server" tab and select one other than what you are currently using. You need to uncheck the "Select Server Automatically" box, then right click on a server in the list and select "use as server". Try different ones until you find one that isn't giving you an error.

For reference, I am currently using:
server: dedi.jochen-hoenicke.de
port: 50002

NOTE: jochen-hoenicke.de is a fairly well known and reputable site... he has the mempool stats that people use for checking fees etc: https://jochen-hoenicke.de/queue/#0,24h

The electrum.hsmiths.com server is generally fairly reliable as well.

THANKS!
bitdaric
Copper Member
Member
**
Offline Offline

Activity: 199
Merit: 15


View Profile
February 04, 2019, 09:49:44 AM
 #9

What was the server name you connected to?

SuperInvestor
Jr. Member
*
Offline Offline

Activity: 46
Merit: 2


View Profile
February 04, 2019, 09:13:07 PM
 #10

Did you follow the instructions and try connecting to a different server? Huh

The "unknown error" is the expected behaviour if you are on at least version 3.3.3 (the current version at this time), but you are connected to a "bad" server that is attempting to send you the fake error messages about updating to the malware version.

To correct this error, you simply need to connect to a different server. Open the network settings using "Tools -> Network" (or simply click the green dot in the bottom right corner). Click the "Server" tab and select one other than what you are currently using. You need to uncheck the "Select Server Automatically" box, then right click on a server in the list and select "use as server". Try different ones until you find one that isn't giving you an error.

For reference, I am currently using:
server: dedi.jochen-hoenicke.de
port: 50002

NOTE: jochen-hoenicke.de is a fairly well known and reputable site... he has the mempool stats that people use for checking fees etc: https://jochen-hoenicke.de/queue/#0,24h

The electrum.hsmiths.com server is generally fairly reliable as well.

I have followed these instructions and everything went fine. Hope this server will not get that attack.
HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 05, 2019, 01:53:02 AM
 #11

I have followed these instructions and everything went fine. Hope this server will not get that attack.
The servers are not "attacked" per se... "Bad" servers are deliberately set up as part of the scam. When it first happened, the scammers seemed to be spinning up large numbers of "Bad" servers on AWS instances. I'm not sure if that is still the case.

In any case, the vast majority of servers are OK... and if you run only the latest official Electrum, you have nothing to worry about from this particular attack. It'll just be inconvenient if your Electrum connects to a bad server, you'll get "unknown error".

As already mentioned, you simply need to connect to a different server, and continue trying different ones, until you no longer get the error.

Lucius
Legendary
*
Offline Offline

Activity: 1330
Merit: 1136


Fortis Fortuna Adiuvat


View Profile WWW
February 05, 2019, 10:33:46 AM
 #12

As long as users do not understand the essence of the problem in this specific case, they will be exposed to the possibility of a hack or, at best, confusion and panic that some bad servers will steal their coins. Those bad servers are just a tool which hackers use to scam naive users, and since many have still not updated to the latest version of Electrum, we will see more threads like this in the future.

This attack will continue to run because it is not possible to prevent anyone from setting up a server, so simply ignore any message in Electrum, pick another server manually, and download the new version only from the official site, with the addition of a signature check.

ysangkok
Newbie
*
Offline Offline

Activity: 7
Merit: 2


View Profile
February 05, 2019, 05:58:18 PM
Merited by bones261 (2)
 #13

First of all, Electrum is AGAIN under attack. As what they said the last time, the phishing won't happen again, and it does. As of now, yes, mine is being attacked/phished by someone. BUT because I always ignore all notifications that say to update from here https://github.com/electrum-project/electrum/releases/latest (which is not the right one to update your wallet!), my funds are not stolen BUT frozen in this wallet.

1. I received this notification telling me to update the wallet many times today: https://prnt.sc/mfkul1, so I can't even send any transactions out of the wallet right now.

2. I kept calm, deleted that wallet, and downloaded an updated one FROM https://electrum.org/#download, and after updating the wallet I still can't send my funds out https://prnt.sc/mfky6f .

PS: I have experienced this kind of attack before, as I created a topic for it https://bitcointalk.org/index.php?topic=5089945.msg48903952#msg48903952 . And yet, I am still using it, because I believe that Electrum wallet is the most secure bitcoin wallet. Please, also on behalf of all users who experienced this, help us know what's happening, what to do and how to avoid it.

Calling all developers from Electrum, please respond below with how to fix this and why this is happening.

Thanks.
 

Hi, I work for Electrum Technologies GmbH. We are aware of the attack, and to mitigate it, we have done a number of things:

1. there is a new version of ElectrumX that makes it harder to start malicious servers and have them relayed. The new ElectrumX will warn users that have an old version of Electrum that shows error messages as rich text, which makes the phishing attack so convincing.
2. as previously mentioned, there are new versions of Electrum (v3.3.2, which disallows rich text in error messages, and v3.3.3 which has a Bitcoin Core error whitelist). To get the newest version of Electrum, always use electrum.org, never any other domain. There are new phishing attempts from all kinds of lookalike URLs every month. Never get Electrum from anything but electrum.org.
3. since so many users were on old versions, we have started our own ElectrumX servers that notify outdated users to update, but using the genuine URL (electrum.org). We are aware that this might be confusing for users, as it legitimizes this way of spreading update notifications, which we never meant to include in the first place. But since the attack has started, and this will potentially prevent users from getting scammed, we decided to do it.

If you didn't update Electrum from malicious sources, your coins are safe and you don't have to worry. If you suspect that you might have installed malicious software, take your computer offline immediately and follow typical procedures to restore from seed on a trusted machine.
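
The two client-side mitigations listed in the post above (plain-text error display in v3.3.2, an error whitelist in v3.3.3), sketched as an added example. This is not Electrum's code or part of the thread; the whitelist entries, function names and sample replies are assumptions constructed for illustration.

```python
import html

# Illustrative subset of Bitcoin Core reject reasons (assumption: not Electrum's list).
KNOWN_NODE_ERRORS = (
    "min relay fee not met",
    "insufficient fee",
    "bad-txns-inputs-missingorspent",
    "txn-mempool-conflict",
    "txn-already-in-mempool",
    "too-long-mempool-chain",
    "non-final",
    "dust",
)
GENERIC_ERROR = "unknown error"

# Constructed sample of the kind of rich-text "update" notice described in the thread.
PHISHING_REPLY = (
    '<b>Security update required.</b> Download it from '
    '<a href="https://example.invalid/electrum">this page</a> before sending.'
)
# Constructed sample of a genuine node rejection relayed by an honest server.
NODE_REPLY = "error code: -26, message: 66: min relay fee not met"


def escape_for_display(server_message):
    """v3.3.2-style layer: show server text as plain text, never as markup."""
    return html.escape(server_message)


def sanitize_broadcast_error(server_message):
    """v3.3.3-style layer: map untrusted server text to a locally defined string."""
    if not isinstance(server_message, str):
        return GENERIC_ERROR
    lowered = server_message.lower()
    for known in KNOWN_NODE_ERRORS:
        if known in lowered:
            # Return our own constant, never the bytes the server sent.
            return known
    return GENERIC_ERROR


if __name__ == "__main__":
    for reply in (PHISHING_REPLY, NODE_REPLY):
        print(repr(escape_for_display(reply)[:40]), "->", sanitize_broadcast_error(reply))
```

Because the function returns its own constant rather than the matched server text, a malicious server cannot smuggle a message through by embedding a whitelisted phrase; the worst it can do is trigger the "unknown error" the thread describes.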
pooya87
Legendary
*
Offline Offline

Activity: 1554
Merit: 1410



View Profile
February 06, 2019, 05:17:12 AM
 #14

Hi, I work for Electrum Technologies GmbH. ~

I am surprised that you claim to have this affiliation but have not once mentioned anything about "verifying the signature of the downloaded files", which is the most important part, even more important than downloading from the official website (electrum.org). In fact, it doesn't matter where you download them from as long as you verify them with the real PGP public key of the real developer.

As for the server, I think it is a bad move, especially since there is no guarantee people are connecting to that server anyway, since there are quite a lot of them available.
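
The signature check raised in the post above, as an added example (not part of the thread and not Electrum's code): `gpg --verify` reports success for a good signature from any key in the keyring, so this sketch parses gpg's `--status-fd` output and accepts only a valid signature made by a pinned fingerprint. The fingerprint is a placeholder, the status lines are constructed, and treating expired or revoked keys as failures is this example's policy.

```python
# Placeholder: substitute the developer fingerprint you obtained out of band.
PINNED_FPR = "0" * 40
# Status keywords that fail the check outright.
REJECT = {"BADSIG", "EXPKEYSIG", "REVKEYSIG"}


def signed_by_pinned_key(status_output, pinned_fpr=PINNED_FPR):
    """Return True only if a valid signature was made by the pinned key.

    status_output is the text gpg writes when run as
    `gpg --status-fd 1 --verify FILE.asc FILE`.
    """
    pinned = pinned_fpr.replace(" ", "").upper()
    matched = False
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue  # human-readable output is ignored; only status lines count
        keyword = fields[1]
        if keyword in REJECT:
            return False
        if keyword == "VALIDSIG" and len(fields) >= 3:
            signing_fpr = fields[2].upper()
            # The primary-key fingerprint is the last VALIDSIG field when present.
            primary_fpr = fields[11].upper() if len(fields) >= 12 else signing_fpr
            if pinned in (signing_fpr, primary_fpr):
                matched = True
    return matched


def _status(fpr):
    """Build constructed status output for a good signature by key `fpr`."""
    return "\n".join([
        "[GNUPG:] NEWSIG",
        "[GNUPG:] GOODSIG %s Constructed Signer" % fpr[-16:],
        "[GNUPG:] VALIDSIG %s 2019-02-01 1548979200 0 4 0 1 8 00 %s" % (fpr, fpr),
    ])


GOOD_PINNED = _status(PINNED_FPR)        # valid signature, pinned key
GOOD_OTHER_KEY = _status("1" * 40)       # valid signature, but someone else's key
TAMPERED = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 0000000000000000 Constructed Signer"

if __name__ == "__main__":
    for name in ("GOOD_PINNED", "GOOD_OTHER_KEY", "TAMPERED"):
        print(name, signed_by_pinned_key(globals()[name]))
```

The `GOOD_OTHER_KEY` case is the one that matters for lookalike download sites: the file carries a cryptographically valid signature, just not from the key the user meant to trust.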

TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 06, 2019, 12:46:01 PM
Merited by ETFbitcoin (1)
 #15

electrum developers have to force users to upgrade new versions if old versions have problems. Just check its version from startup
No. There can be many compatibility issues when updating a software to a new version. Many big updates from Electrum - like when they went to Python 3 - stopped working for many users who were on older versions of Windows or on specific Linux distros. Also, this may become an extra attack surface.

A warning is more than enough.

Hi, I work for Electrum Technologies GmbH. We are aware of the attack, and to mitigate it, we have done a number of things:
As I said in the other thread you also replied in, prove your identity when using an unknown account. In this case, as an Electrum dev.

Quack2341
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 06, 2019, 07:08:14 PM
 #16

Today I had 0.0215437 BTC stolen before I could send it to the address I wanted to.

I have had no messages saying "install a new version before sending out money" or anything like that and I have definitely downloaded the Electrum from electrum.org, the newest version.


from what I can see on the block chain the transaction ID was 387a2ecb74fecfa8329b976c23032ef7f21adabdd15fe1923a54575f1697ba8e

and the receiving address was 14kuUTfXM1MLzmDidMZPEFrU7Z9hR6tX1q


Is there a way to recover the funds?



Thanks in advance
HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 06, 2019, 07:13:06 PM
 #17

Today I had 0.0215437 BTC stolen before I could send it to the address I wanted to.

I have had no messages saying "install a new version before sending out money" or anything like that and I have definitely downloaded the Electrum from electrum.org, the newest version.
Did you verify the digital signature of the downloaded Electrum installer?

If you did not receive any strange error messages from Electrum and are 100% sure that the version of Electrum you are running is legit, then chances are that your wallet was compromised in some other way... did you store your 12 word electrum seed mnemonic in a digital format? (ie. backed up in a text file or screenshot on your hard drive or email or a cloud file storage service etc?)

Have you attempted to claim any fork coins by putting your electrum wallet seed mnemonic into other wallets?


Is there a way to recover the funds?
Unfortunately, No. As with all Bitcoin transactions, once the coins have been sent and confirmed, there is no way to cancel or reverse a transaction.

Quack2341
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 06, 2019, 07:32:25 PM
 #18

Quote: Did you verify the digital signature of the downloaded Electrum installer?

If you did not receive any strange error messages from Electrum and are 100% sure that the version of Electrum you are running is legit, then chances are that your wallet was compromised in some other way... did you store your 12 word electrum seed mnemonic in a digital format? (ie. backed up in a text file or screenshot on your hard drive or email or a cloud file storage service etc?)




----

I keep my seed on paper in a secure place offline. Very confused as to what's happened. Will accept that it's gone and try a different wallet and make sure my OS isn't compromised before getting more.
HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 06, 2019, 07:42:20 PM
 #19

Were you actually trying to send the 0.0215437 BTC to a different address when this transaction happened? Huh

It is also possible that you have fallen victim to clipboard malware that changes the BTC address when you use copy/paste.

scambust
Legendary
*
Offline Offline

Activity: 1330
Merit: 1006



View Profile WWW
February 06, 2019, 07:47:15 PM
 #20

Were you actually trying to send the 0.0215437 BTC to a different address when this transaction happened? Huh

It is also possible that you have fallen victim to clipboard malware that changes the BTC address when you use copy/paste.

Malware sucks. It's the worst nightmare for a crypto holder. Have you heard about the newest malware that can steal your username/password and session cookies in your browser? If they can steal them, they can access your exchange account and emails.

