Money Stolen from Electrum

Hello today i was sending money to some friend and i got message

i closed message and try again sending but same message arrived i think there will be issue
i visited github and downloaded latest release from link

https://github.com/eIectrum-wallet/electrum/releases/latest

i downloaded and installed after install i try to send money again but balance was still synchronizing

i closed and opened many times but still same then i just open electum installed on mobile phone . which i created with same seed i see there was a transaction

and balance is 0

https://www.blockchain.com/btc/tx/feee90df48e654a701a2ca05562b8558e4aef1b77054f007278f8214414a7ab8

Here is transaction which automatically made from my account

i just want to know who is responsible for this situation ?

Sorry, your coins are gone. I guess you missed the last news about Electrum, right?

There was an exploit where specific Electrum servers deployed by hackers where giving fake “update your Electrum” messages. They used that to make users download their fake wallet from the github link you posted above.

The exploit was fixed last version, which you unfortunately don’t have. I recommend that you do a clean reinstall od your OS, because there is a chance you may be infected with a malware.

You downloaded a compromised wallet. That link comes from a hacker who created many fake Electrum servers.

This was in the news recently, the attackers earned quite a bit of money.

Quote from: LoyceMobile on February 02, 2019, 04:53:31 PM

You downloaded a compromised wallet. That link comes from a hacker who created many fake Electrum servers.

This was in the news recently, the attackers earned quite a bit of money.

but its just question why electrum allow them ?to run fake server

Quote from: TryNinja on February 02, 2019, 04:51:23 PM

they should have check and balance on all servers only accept servers from trusted source ?

Quote from: Nrcewker on February 02, 2019, 05:02:38 PM

-snip-

That would lead to some kind of centralization. Who says which server is trusted or not?

The exploit has been fixed already.

Quote from: TryNinja on February 02, 2019, 05:37:05 PM

Quote from: Nrcewker on February 02, 2019, 05:02:38 PM

-snip-

That would lead to some kind of centralization. Who says which server is trusted or not?

The exploit has been fixed already.

i think they should approve from backend only trusted servers allow . so they can get rid on issue like that also we need to report fake repository of elctrum

Quote from: Nrcewker on February 02, 2019, 06:07:15 PM

i think they should approve from backend only trusted servers allow . so they can get rid on issue like that

Electrum has been patched so that only "approved" error messages are now displayed, effectively mitigating this attack. However, it will only work for updated versions of Electrum. Anyone running older versions will still see the error messages.

It is impossible to have only "trusted" servers. That is centralisation, and that goes against the entire point of Bitcoin and decentralisation. Undecided

Also, if we only have "trusted" servers... and one gets hacked? There is no 100% foolproof solution to this problem. It just requires some care and responsibility on behalf of the user to protect themself. As has been said a LOT... you must ALWAYS check the digital signature of the Electrum installer/portable .exe before you install and/or execute it.

Quote

also we need to report fake repository of elctrum

I have reported the github repo. You can do the same thing here: https://github.com/contact/report-content

Quote from: bitdaric on February 04, 2019, 09:46:52 AM

Quote from: Nrcewker on February 02, 2019, 04:47:40 PM

https://github.com/eIectrum-wallet/electrum/releases/latest

this link is closed how you did download from?

It’s closed now but it wasn’t before.

After the hacker successfully gets some victims, he deletes all the evidence, create a new repo and start all over again.