just got hacked through electrum

[TryNinja]

Stop multi-posting.

There is nothing you can do and Electrum won’t pay you anything. Your coins are are gone. Sorry, but you should just accept and move on.

[HCP]

I think my electrum wallet is hacked too.

Yesterday i received 0.048 btc , clock 08.50 pm.
Then ,  clock 00.27 am i have send those bitcoins but i havent.
Whats going on ??

Given that you haven't been a victim of the current phishing scam and downloaded a malware version of Electrum, then it is likely that your wallet seed mnemonic (12 words) have been compromised.

- Have you ever stored your Electrum 12 word seed mnemonic in a digital format? ie. text file or screenshot on your PC, email or cloud file storage?
- Have you ever entered your Electrum 12 word seed mnemonic in another wallet, website or other application for trying to access fork coins like Bitcoin Cash, Bitcoin Gold, Bitcoin Diamond etc etc?

NOTE: as TryNinja says... you cannot get your coins back... and Electrum accept no liability. The point of these questions is to try and help you understand why you lost your coins so you can avoid making the same mistakes.

[HCP]

Are you just trolling on purpose now? Or is it just that you fail to grasp that all of the things you want:

- Electrum to notify of updates
- Electrum to not display arbitrary text in error messages
- Electrum to post notification of security alerts

have already been implemented... Latest version of Electrum includes "opt-in" update notifications... it has been patched so only hardcoded error messages will be displayed... and the devs always post on the official website regarding security issues... they've even started using "good" servers to notify users of older versions that they should update.

This has been pointed out to you multiple times in multiple threads and you keep saying "not enough"

What more do you want the devs to do?

[bob123]

not enough

That is definitely enough.

It is MORE than you should expect.

Everyone is responsible for his own actions. If you fall for cheap phishing messages, you should consider using a hardware wallet or not using cryptocurrencies at all.

Noone and nothing stops you from receiving an email "sent by" electrum.org which says you to download a new (malicious) version, etc..
This is due to the fact that email is a broken protocol.
If YOU fall for something like this, it is YOUR fault. Same goes with downloading files without verifying the signatures.

[bob123]

Legendary why you dont want electrum to show security alerts to users? You want to fool users?

Simple.

1)
Because it is NOT necessary. Anyone with a brain (who actually is able to use it properly) knows how to stay up-to-date.
And people who don't have any clue about security, shouldn't store cryptocurrencies on a desktop wallet at all.

2)
It creates additional attack vectors. I know that you don't understand anything regarding security/vulnerabilities.
So either just believe me or do your own research.


You fell to a very very basic phishing scam. Admit it, learn from it and move on.
I stop responding to your trolling posts now because it seems that you don't learn anything from it anyway.

[actmyname]

It seems ludicrous to cry about coins that you lost due to your own stupidity.

If you drop a thousand dollars on the street, do you run up to your bank to ask them to refund you?
If you get scammed, it is no one's fault except your own. (that, and the scammer's)

[Artemis3]

I have version 3.0.3 and i have a password when i open my wallet and send.

Did you download Electrum from anywhere else other than electrum.org? Like a github link?

Did you receive a popup telling you to update your Electrum after trying to make a transaction?

Using v3.2.3 I saw the phishing popup yesterday from one of the rogue servers when i tried to do a tx. I'm sorry I forgot to screenshot, but it wasn't a github url. It was electrumsomething.com. Probably github kicked the phishers out and they registered another more "innocuous looking" url... I just switched to a trusted known server and did the tx fine (despite another nag saying my Electrum was "vulnerable", download a new version from electrum.org yadda, yadda.).

I already upgraded to v3.3.3... Was just waiting for the Arch package update.

[HCP]

Using v3.2.3 I saw the phishing popup yesterday from one of the rogue servers when i tried to do a tx. I'm sorry I forgot to screenshot, but it wasn't a github url. It was electrumsomething.com. Probably github kicked the phishers out and they registered another more "innocuous looking" url... .

Thanks for the report...


Can confirm that "electrumd o w n l o a d.com" (DO NOT VISIT - SCAM URL!) is a phishing URL... with version "4.0.0" available for download...

Chrome initially warned that the website was unsafe... After manually "proceeding" to the website, I attempted to download it onto the sandboxed VM... and Windows Defender detected a trojan (Trojan:Win32/Spursint.F!cl) and removed the download. After manually allowing it... I tried to GPG check the file and got "gpg: Can't check signature: No public key"

Be safe out there!

[mindrust]

This was a big kick in the balls for all electrum users. No matter how many times they fix it now, I don't think I'll ever use electrum again. The trust is lost. It is either the core wallet or nothing now.

[pooya87]

This was a big kick in the balls for all electrum users. No matter how many times they fix it now, I don't think I'll ever use electrum again. The trust is lost. It is either the core wallet or nothing now.

just out of curiosity would you mind explaining why you ignore the vulnerabilities that have existed and do exist in bitcoin core and still trust it while your logic in this comment is that if a software has a bug it is not-trusted?

here is a list of them with their seriousness, the latest of which was a validation check which could easily be exploited and split the whole network: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures

[rokkyroad]

This was a big kick in the balls for all electrum users. No matter how many times they fix it now, I don't think I'll ever use electrum again. The trust is lost. It is either the core wallet or nothing now.

You won't get much sympathy here. Some insist on blaming the users for not verifying the download despite the hack happening in a verified wallet.

The same crew insists its a software bug not a hack. Whatever it was, it was to the tune of 1 million bucks or more.

[HCP]

That is because it wasn't a hack... it was social engineering. The exploit simply allowed the attackers to display a message with a clickable link. It did NOT give any access to private keys or seeds.

So, any funds held in the legitimate wallet were "safe"... Funds were only lost if users then manually downloaded, installed and ran the "fake" version of the wallet (that failed digital signature validation!) that was being advertised via this software bug/exploit. Users who did nothing were safe.

If users attempted to validate the digital signature of the wallet (that they had to manually download) before they installed/ran it... then they would have found it was fake, and would have most likely avoided losing funds.