Bitcoin Forum
February 23, 2019, 01:53:58 AM *
News: Latest Bitcoin Core release: 0.17.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: just got hacked through electrum  (Read 312 times)
jon0190
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 07, 2019, 03:09:17 AM
 #1

I tried to send coins out of electrum and was stopped for upgrades, when I get back in my money is gone? I frooze the transaction and it confirmed anyway. Do they even have support to contact? I have no money now, how is this happening,
1550886838
Hero Member
*
Offline Offline

Posts: 1550886838

View Profile Personal Message (Offline)

Ignore
1550886838
Reply with quote  #2

1550886838
Report to moderator
1550886838
Hero Member
*
Offline Offline

Posts: 1550886838

View Profile Personal Message (Offline)

Ignore
1550886838
Reply with quote  #2

1550886838
Report to moderator
1550886838
Hero Member
*
Offline Offline

Posts: 1550886838

View Profile Personal Message (Offline)

Ignore
1550886838
Reply with quote  #2

1550886838
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1550886838
Hero Member
*
Offline Offline

Posts: 1550886838

View Profile Personal Message (Offline)

Ignore
1550886838
Reply with quote  #2

1550886838
Report to moderator
1550886838
Hero Member
*
Offline Offline

Posts: 1550886838

View Profile Personal Message (Offline)

Ignore
1550886838
Reply with quote  #2

1550886838
Report to moderator
TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 07, 2019, 03:13:48 AM
 #2

Which version were you previously using? Did you receive a “warning popup” - after trying to do a transaction -  telling you to update your Electrum from a github link?

If that’s the case, your fell for a phishing scam and your coins are gone. There is nothing you can do since BTC transactions are irreversible.

Do a clean reinstall of your OS and create a new wallet. Both your PC and walet are most likely compromised. Also, NEVER dowpoad Electrum from a website that isn’t electrum.org; That’s the ONLY legit place you can get it.

jon0190
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 07, 2019, 03:21:05 AM
 #3

I've never been phished before, its fucked up because it comes from the app. Not being mean towards you this is fucked up. they need to pull the service if they can't run it decently
TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 07, 2019, 03:29:02 AM
 #4

I've never been phished before, its fucked up because it comes from the app. Not being mean towards you this is fucked up. they need to pull the service if they can't run it decently
It was a vulnerability. The Electrum servers (which anyone can run due to its descentralized nature) could make the Electrum wallet connected to it show a customized error message. So, the hacker deployed a bunch of malicious servers they showed the “please update” message you say.

When dealing with money, you should never put your guard down. Verifying the signatures of the binaries should be a mandatory step when downloading/updating Electrum.

Anyways, the vulnerability has been fixed in the latest version which was launched a few days ago and that you didn’t have. Unfortunately, it’s too late now. Sorry.

elda34b
Full Member
***
Offline Offline

Activity: 350
Merit: 133



View Profile
February 07, 2019, 05:54:20 AM
 #5

lol. "has been fixed in the latest version" but old users dont know about that

Well they should always verify a signature before they download and install the apps. That's the basic steps to protect yourself. Blaming everything on the software won't solve anything, help yourself by making sure you install the correct apps.

jon0190
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 07, 2019, 07:28:54 AM
 #6

It happened because the software stopped me from proceeding you fucking idiot!


lol. "has been fixed in the latest version" but old users dont know about that

Well they should always verify a signature before they download and install the apps. That's the basic steps to protect yourself. Blaming everything on the software won't solve anything, help yourself by making sure you install the correct apps.
jon0190
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 07, 2019, 07:42:58 AM
 #7

What’s happening is the equivalent of your bank letting you use a mobile app as your only way to bank, then not telling you hackers have taken it over and you won’t be able to withdraw your money. What good is updates on your website when you have no reason to go to the website in the first place. This is a complete crock of shit
jon0190
Newbie
*
Offline Offline

Activity: 5
Merit: 0


View Profile
February 07, 2019, 08:45:54 AM
 #8

What kind of software doesn’t tell you when important updates are required?
jossiel
Hero Member
*****
Offline Offline

Activity: 1078
Merit: 525



View Profile
February 07, 2019, 09:23:41 AM
 #9

Is this exactly the same problem that you met?
https://www.reddit.com/r/Electrum/comments/amfbie/ongoing_attack_on_electrum_cant_send_bitcoins/

Do they even have support to contact?
https://twitter.com/ElectrumWallet

when I get back in my money is gone?
Sorry for your lost mate.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 07, 2019, 11:20:18 AM
Merited by igor72 (1)
 #10

electrum should protect its users. If op run electrum and it says "No. You are using old version and it has been hacked. It has been fixed in the latest version. Download the latest version from electrum.org" then we dont have topics like this
What kind of software doesn’t tell you when important updates are required?
And what happens when the centralised update server gets hacked... broadcasts a spam to all users that they need to update to new version and all the users blindly trust that because "it is the Electrum update server" and download a malware wallet and lose all their funds? You'd all be asking "why Electrum have forced update notification?"

"Be your own bank" implies "Be your own Bank's security department as well". Everyone is all about the "freedom" of Cryptocurrency... no-one seems to want the added responsibility that comes with that freedom.

There are ways and means to protect yourself... and the easiest is to ALWAYS verify the digital signature of the Electrum installer (or portable .exe). Even when I have downloaded it from Electrum.org, I will ALWAYS verify the digital signature of the downloaded file to confirm it is legit.

So, even if I had received the spam message, ignored the fact it redirected to github instead of the official website and downloaded the malware installer, I never would have installed it... because the malware installer would have FAILED the digital signature verification.

HCP
Legendary
*
Offline Offline

Activity: 882
Merit: 1123

<insert witty quote here>


View Profile
February 07, 2019, 08:43:30 PM
 #11

It is all rather moot anyway... it looks like you got your wish... they've added (opt-in) update notifications to Electrum, and apparently have started using "good" servers (via an ElectrumX update) to broadcast update notifications to older versions of Electrum that are vulnerable to the exploit.

pooya87
Legendary
*
Offline Offline

Activity: 1554
Merit: 1409



View Profile
February 08, 2019, 05:28:40 AM
Merited by HCP (2)
 #12

What kind of software doesn’t tell you when important updates are required?

in my opinion it is mainly because there is a lot of controversy circling the wallet softwares that do alert users of new versions. so developers decide not to include such features in their software.

in any case, you are in a decentralized world using a decentralized currency with open source/free software. it is your own responsibility to follow their vulnerabilities, shortcomings,... and learn how to increase your own security as much as possible. nobody is going to take your hand and do it for you.

ml73
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
February 09, 2019, 03:54:18 PM
 #13

Hi..

I think my electrum wallet is hacked too.

Yesterday i received 0.048 btc , clock 08.50 pm.

Then ,  clock 00.27 am i have send those bitcoins but i havent.

Whats going on ??


       Mika

ml73
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
February 09, 2019, 03:55:47 PM
 #14

I have version 3.0.3 and i have a password when i open my wallet and send.

TryNinja
Legendary
*
Online Online

Activity: 924
Merit: 1025


ChipMixer's Badge of Honor


View Profile
February 09, 2019, 03:58:40 PM
 #15

I have version 3.0.3 and i have a password when i open my wallet and send.
Did you download Electrum from anywhere else other than electrum.org? Like a github link?

Did you receive a popup telling you to update your Electrum after trying to make a transaction?

ml73
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
February 09, 2019, 04:15:46 PM
 #16

I havent receive any popups and i downloaded from their site about two years ago.

This is the transaction what i havent made :

https://www.blockchain.com/btc/tx/785727d486869504a0e9e505b7430001ea7d0d2ce574ebde00fccc21b42e2d9c

bob123
Hero Member
*****
Offline Offline

Activity: 826
Merit: 830



View Profile WWW
February 09, 2019, 04:16:36 PM
 #17

It happened because the software stopped me from proceeding you fucking idiot!

That's not completely true.

The electrum server which you were connected to (which can by run by anyone who wants to) didn't broadcast your transaction.
That's not related to the electrum wallet itself.


Instead of simply clicking on an URL to download software which you didn't even verify the signature of, you could have simply connected to a different (non-malicious) electrum server.


I don't know how often you already read that here on the forum.. but.. Verify, don't trust!





I havent receive any popups and i downloaded from their site about two years ago.

The fact that you didn't update a software which holds your money for about 2 years, is already pretty bad.

Unfortunately there is no way for you to get the money back.


Since you didn't download a malicious wallet trough a phishing attempt and since your wallet is password protected, i'd say that the most plausible explanation is that your computer is infected with malware.

Did you download any half-way-shady software within the recent days ?
Do you use a legal copy of windows (cracked versions almost always have backdoors built in) ?


ml73
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
February 09, 2019, 04:18:48 PM
 #18

and i have a password in my wallet

ml73
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
February 09, 2019, 04:31:52 PM
 #19

Electrum should pay me for my lost coins  !!!

ml73
Full Member
***
Offline Offline

Activity: 191
Merit: 100


View Profile
February 09, 2019, 05:33:54 PM
 #20

There is nothing what i can do Huh

Pages: [1] 2 »  All
  Print  
 
Jump to:  

Bitcointalk.org is not available or authorized for sale. Do not believe any fake listings.
Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!