New Fake Electrum Wallet 3.3.4 steal all your coins!

[Bloedi]

I opened my Electrum Bitcoin Wallt and wanted to do a transaction over 60, - €.

After entering my password and transferring the data to the blockchain, I was shown a dialog that pointed out that the version of the Electrum Wallet 3.1.3 was out of date and I should download the new version 3.3.4.

The hint dialog refers to a repository of GitHub (Fake-Name: eIectrum-wallet) that suggests it is an authentic download source.

I do not understand how it was possible to show this hint dialog, because my Electrum Wallet 3.1.3 is an original version. It seems like the DNS request has been redirected or something similar.

In any case, about 1,500, - € were stolen from me by a seemingly Russian attacker:

https://www.blockchain.com/de/btc/tx/57c3362ec5eae46c76cbeed089168c35ccf5d687f33e0252a01997da408f6e82


He uses presumptive - among others this email address for his criminal activities: movlam4666@gmail.com

An e-mail with the following subject has been sent from my e-mail account:

Угyчий дoклaдeц

The email contained the following text:

Paзpeшeнo cлюньтяйничaть, ничeгo нe дeлaя, a знaчит пpeдcтaть "ycтapeлым" Зaпoлнить дaнныe


I assume that this email is related to the theft of my Bitcoin balance.

I always pay close attention to what I download where, but this attack has been cleverly staged so that the slightly different names are not noticeable until you look closely.

Anyway, that was my last Bitcoin balance.

Crypto currencies will have a difficult future if they are used primarily to make everyone cheat, rip off and shit.

[HCP]

There have already been multiple threads/posts on here about exactly this issue. It started over 2 weeks ago.

The ONLY official place to download is: https://www.electrum.org/#home
Currently, the latest version is 3.3.3

AND you should ALWAYS verify the digital signature of the downloaded file before installing and/or running it.

For reference: https://bitcointalk.org/index.php?topic=5095856.0

I do not understand how it was possible to show this hint dialog, because my Electrum Wallet 3.1.3 is an original version. It seems like the DNS request has been redirected or something similar.

There was a flaw in the design of Electrum where it would just display the raw text of whatever "error" message was returned by an Electrum Server (including links!). Hacker set up a LOT (like hundreds) of "fake" servers that would send back the error message with link to fake update.

These issues have been resolved in (official) 3.3.3 version

[Lucius]

Crypto currencies will have a difficult future if they are used primarily to make everyone cheat, rip off and shit.

The fault is definitely on Electrum side, there is no doubt in that - hackers use exploit which should have been foreseen and fixed in the way it was made in the version 3.3.3. But it is also the fault of the users, who do not realize that everything has to be checked several times before actually doing something, and update of desktop wallet is highly risky operation.

If you just visited Electrum official site and read warning :

Warning: (1) Electrum is a Bitcoin-only wallet. Variants of Electrum for other cryptocurrencies are not developed by us, and they are not endorsed by us. Some of these variants have been found to be Bitcoin-stealing malware. (2) Old versions of Electrum are vulnerable to a phishing attack, where malicious servers ask users to download a fake version of Electrum. DO NOT download Electrum from any other site than electrum.org.

https://electrum.org/#home