Bitcoin Forum
Author Topic: Electrum Phishing  (Read 436 times)
BugBasher82 (OP)
Newbie
February 27, 2019, 12:11:16 AM
#1

Hi All,

So I fell foul to the Electrum phishing scam (it had been a while since I used it and I'm not on form atm, don't say it) and downloaded and installed "version 4.0.0", and to no surprise within a jiffy lost about £100 in btc (all that was in the wallet) when trying to send it.
I've come to terms with my stupidity now and have consigned that wallet to the grave. I have removed Electrum from my laptop (Add/Removed programs) and deleted all files with electrum in the name I can find to try and be sure. I've run a Bitdefender scan of the whole computer which has turned up nothing, but I still feel a little worried I might have left something nasty on my machine.
I'm also a bit nervous about installing and setting up a new Electrum wallet (from the correct .org site!) just because like anyone I don't want to chuck my money away.

Any advice would be welcome.

Thanks

FinneysTrueVision
Sr. Member
February 27, 2019, 01:13:34 AM
#2

I would buy a hardware wallet. They're not that expensive.

wiik
Member
February 27, 2019, 03:20:49 AM
#3

Simply deleting/uninstalling is not an assurance. I would recommend a fresh install of the OS? And wipe everything on that drive, or just use another PC for crypto purposes. I mean buying a new PC for a specific purpose, like in your case, cryptocurrency. Scammers/hackers have a lot of ways to deceive users. Make sure to install antivirus/anti-malware software. I feel bad for your loss, that's quite big money. Well, that would be a charge to experience. Sometimes we learn the hard way. Take extra care next time, folks.

dothebeats
Legendary
February 27, 2019, 03:30:22 AM
Merited by Questat (1)
#4

Always check the domain and just make sure you are getting it from the correct repository (electrum.org). The phishing incident has been going on for a while now and the Electrum team had already done things to negate the said issue so you'll be golden for a reinstall. However, if you are still afraid of any unwanted malware that the phishing software has left on your machine, a fresh install would be nice, though not really necessary as most antivirus software will see if something's wrong with your machine. Just run a deep scan of your PC if you're really that paranoid and you'll be fine.

jseverson
Hero Member
February 27, 2019, 03:30:37 AM
#5

There shouldn't be any risks at all in installing a fresh one from the correct site:

https://electrum.org/#home

If it makes you feel better, transfer a small amount and let it sit for a while. AFAIK though, there's still a vulnerability where attackers can send you erroneous notices asking you to update, linking to phishing websites. I don't know if that issue has been fixed, but it shouldn't be too dangerous if you know about it.

Also, here's a way to check if your Electrum copy is legit.

samcrypto
Sr. Member
February 27, 2019, 03:37:19 AM
#6

Quote
I would buy a hardware wallet. They're not that expensive.

Always a good choice to store our coins. But I think you have nothing to worry about if you downloaded it from the legit site, so you must double check the link or what before you click the download sign. It's always better to be safe so do your best for this one, don't trust any link aside from the real one.

pooya87
Legendary
February 27, 2019, 04:19:47 AM
Merited by Botnake (2)
#7

Quote
I've run a Bitdefender scan of the whole computer which has turned up nothing, but I still feel a little worried I might have left something nasty on my machine.
as far as i can tell about the malicious versions that i have seen, they don't install any malware (like viruses or keylogger,...) on your computer. it is a simple modification of the code so that it spends your funds automatically as soon as you open the wallet and sends them to the hardcoded hacker's address.
so your Bitdefender or any other AV is never going to detect it.

Quote
I'm also a bit nervous about installing and setting up a new Electrum wallet (from the correct .org site!) just because like anyone I don't want to chuck my money away.

Any advise would be welcome.
familiarize yourself with digital signatures (PGP) and Web of trust concepts and learn how to use them to verify the authenticity of everything you download to install.

BlackPanda
Legendary
February 27, 2019, 05:05:45 AM
#8

Quote
I would buy a hardware wallet. They're not that expensive.
Always a good choice to store our coins. But I think you have nothing to worry about if you downloaded it from the legit site, so you must double check the link or what before you click the download sign. It's always better to be safe so do your best for this one, don't trust any link aside from the real one.

Downloading from the official website is a must because then security will be guaranteed, there are currently many services that provide this.
So please note that there are a lot of phishing sites and that our assets are not guaranteed.

livingfree
Hero Member
February 27, 2019, 05:12:59 AM
#9

This is an Electrum-related topic so it must be in Development & Technical Discussion > Wallet software > Electrum.

As they suggested, just download from the main site and don't go with any other websites which aren't owned by Electrum, and you're going to be fine with what you are downloading, especially with desktop wallets like Electrum.

Botnake
Hero Member
February 27, 2019, 05:19:34 AM
#10

~snip~
I feel you man, I was a victim of this today and I lost my money as well, luckily that was only BTC0.0075.

This is what happened to me, which I posted in this thread https://bitcointalk.org/index.php?topic=5113056.msg49936408#msg49936408


Quote
Just today I was a victim of this one. the same address above where my BTC goes.
You can check my address - https://www.blockchain.com/btc/address/158BpFWP32CU1wv54Rm2NqKGosFLvZbacd


I was transacting today using my Electrum desktop wallet (electrum-3.3.2) but I could not proceed because it prompted that I should update and go to this site - https://www.myelectrum.org, and since the message was shown in the app that I was using without a problem, I trusted it.

Next, I downloaded the "Windows Installer (signature)", it showed a file name (electrum-4.0.0-setup.exe), and then installed it.

Afterwards I opened the Electrum app, then proceeded to transact. Actually I entered the right address, but when I sent it, it did not prompt for the password like the old ones, so I was thinking it could be because of the new update... then I checked the blockchain and to my dismay I did not see my transaction, which is supposed to be instant.

So, I checked the history in my Electrum app and saw that I sent it to the address "bc1qhsrl6ywvwx44zycz2tylpexza4xvtqkv6d903q", as you can see in the blockchain explorer link.



This is real, I hope everyone would read this so they will see this as a warning, they have to be careful, luckily I did not transact a higher amount.

So guys, what should I do now? Do I have to uninstall the new one I installed and then just install the old one? What if it will prompt again that I cannot transact?


Thanks, I just read your comment and I guess I would not reformat my PC anymore, I had already run my antivirus and no detection of any malware.
though not really necessary as most antivirus software will see if something's wrong with your machine

NeuroticFish
Legendary
February 27, 2019, 10:03:35 AM
#11

Quote
Any advice would be welcome.

The idea to put a few bucks onto the wallet and wait for a couple of days is not bad at all.

The only thing I'd do would be a thorough scan. I don't know if you ran the AV scan from an installed Bitdefender or from a bootable DVD/USB. I would download 1-2 reputed "recovery" antivirus images (at least one different from Bitdefender), burn them, boot and scan from them. May be a bit of overkill, but if you want to be 100% sure, this is a possible direction.

Lucius
Legendary
February 27, 2019, 11:24:35 AM
#12

Quote
Any advice would be welcome.
Thanks

Some say that it's just enough to remove the fake version, and then install the original from the official site, but I would not feel safe to do only that. A safer option would be to format the disc and install a fresh OS, and if you do not want to do it be sure to delete all traces of the fake Electrum, and to do that just paste %appdata%\Electrum in your C:/ and delete the Electrum folder.

A good AV would probably stop you from even downloading such a fake file, so consider some better option than you have now, or even better invest in a hardware wallet.

BugBasher82 (OP)
Newbie
February 27, 2019, 12:00:33 PM
#13

Thank you for all the info good people.

I think I am going to go with a format C: and reinstall just to be on the safe side.

Goodness knows what could have been done by me running a malicious .exe on my machine.

Serious stupidity on my part but very cleverly implemented by the hackers, they really tricked me good but have to say, I'm astounded Electrum left themselves open to this type of vulnerability. I mean the hackers actually manage to block initial outgoing transactions in order to fool you into thinking you need an update.

Bastards.

whotookmycrypto
Full Member
March 07, 2019, 12:31:07 PM
Last edit: March 08, 2019, 06:29:18 AM by whotookmycrypto
#14

Quote
familiarize yourself with digital signatures (PGP) and Web of trust concepts and learn how to use them to verify the authenticity of everything you download to install.

hey OP, pooya87 made a very good point about verifying your downloads. It could have helped prevent what happened to you. This is a good site that covers it. Link. Sorry for what happened to you.
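
Added example, not part of any post in this thread and not Electrum's own code: the signature check recommended by pooya87 and whotookmycrypto only helps when the signer is pinned, because a fake download page can offer an installer with a perfectly valid signature made by the attacker's own key. The sketch parses `gpg --status-fd` output; `PINNED_FPR` is a placeholder and the status samples are constructed.

```python
import subprocess
import sys

# Placeholder, not a real key. Replace with the release-signing fingerprint
# obtained from a source independent of the page you downloaded from.
PINNED_FPR = "A" * 40

# Signature is cryptographically good, but the key or signature is expired/revoked.
DOWNGRADES = {"EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


def split_signatures(status_text):
    """Group status records per signature; gpg emits NEWSIG before each one."""
    blocks, current = [], None
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] == "NEWSIG":
            current = []
            blocks.append(current)
        elif current is not None:
            current.append((fields[1], fields[2:]))
    return blocks


def is_trusted(status_text, pinned_fpr=PINNED_FPR):
    """True only if the pinned key made a good, non-expired, non-revoked signature."""
    pinned_ok = False
    for block in split_signatures(status_text):
        keywords = {kw for kw, _ in block}
        if "BADSIG" in keywords:
            return False  # file does not match its signature: treat as tampered
        if keywords & DOWNGRADES:
            continue
        for kw, args in block:
            if kw == "VALIDSIG" and args:
                # 10th argument is the primary-key fingerprint when gpg reports it;
                # otherwise fall back to the signing-key fingerprint.
                primary = args[9] if len(args) >= 10 else args[0]
                if primary.upper() == pinned_fpr.upper():
                    pinned_ok = True
    return pinned_ok


def gpg_status(sig_path, file_path):
    """Run gpg on a detached signature and return its machine-readable status."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, file_path],
        capture_output=True, text=True)
    return proc.stdout


# Constructed status output (not captured from a real release).
GENUINE = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Release Signer <signer@example.invalid>\n"
    f"[GNUPG:] VALIDSIG {PINNED_FPR} 2019-02-27 1551225600 0 4 0 1 8 00 {PINNED_FPR}\n"
)
# Valid signature, wrong key: what a look-alike download page can serve.
LOOKALIKE = GENUINE.replace(PINNED_FPR, "B" * 40)
TAMPERED = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 0123456789ABCDEF Release Signer <signer@example.invalid>\n"
)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py installer.asc installer.exe
        ok = is_trusted(gpg_status(sys.argv[1], sys.argv[2]))
        print("signed by pinned key" if ok else "DO NOT INSTALL: pinned key did not sign this")
        sys.exit(0 if ok else 1)
    for name, sample in (("genuine", GENUINE), ("lookalike", LOOKALIKE), ("tampered", TAMPERED)):
        print(name, is_trusted(sample))
```

The look-alike case is the one an antivirus scan and a plain "Good signature" message both miss: gpg reports success for any key in the keyring, so the fingerprint comparison is what carries the trust decision.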

bathrobehero
Legendary
March 07, 2019, 09:14:51 PM
#15

I'm late but I just got tricked into the fake, 4.0.0 version in a hurry and the moment I knew it was fake when it asked for my 2FA when I launched it. So I didn't give it to them.

Removed it, did a malware scan and did a search for all the files that were created/last accessed in the last 20 minutes and I didn't find any new or suspicious files or any extra running processes or msconfig service/startup entries so now I'm wondering if it had any persistent elements to it as I don't think so but I'm curious about others. Did it also target other wallets?

Not your keys, not your coins!

BitMaxz
Legendary
March 07, 2019, 09:42:08 PM
#16

Quote
Removed it, did a malware scan and did a search for all the files that were created/last accessed in the last 20 minutes and I didn't find any new or suspicious files or any extra running processes or msconfig service/startup entries so now I'm wondering if it had any persistent elements to it as I don't think so but I'm curious about others. Did it also target other wallets?

I have never heard yet that they also targeted other wallets. If you want to make sure that your PC is safe, scan the whole PC with Malwarebytes, and a deep scan with Kaspersky might find some suspicious activity in your PC. Also, I recommend you use IObit advance uninstaller to fully remove all traces from your PC, including Regedit, before you install the legit Electrum wallet.

DireWolfM14
Copper Member
Legendary
March 07, 2019, 09:49:27 PM
#17

I have a hard time trusting third party virus and malware removers when it comes to crypto wallets.  A scammer can take measures to mitigate the chances of their malware being found, or you could get false positives.

To be on the safe side, I would reinstall the OS.  That's likely overkill, but my financial security deserves overkill.

@OP and bathrobehero, learn to use PGP and verify the signature when you download Electrum.  It's a great desktop wallet, and is worth the extra security steps to make sure you're using it safely.  Otherwise, hardware wallets are a great alternative.

bathrobehero
Legendary
March 07, 2019, 10:04:58 PM
Merited by vapourminer (1)
#18

@DireWolfM14 Yep, the payload could be encrypted or otherwise hidden so scanners are never 100% reliable, we know that. I got used to verifying my download sources but I've never seen an Electrum broadcast message so it took my guard down. And after seeing how many people got fooled by it, in many waves and since how long ago since the first, I'm feeling pretty annoyed with how the Electrum devteam is handling it.

I moved my funds to an offline computer and will be formatting this PC.

It's just people tend to become lazy with security until they get caught. Didn't lose anything but easily could have. Anyway, thank you for your help.

Not your keys, not your coins!

Botnake
Hero Member
March 08, 2019, 02:26:10 AM
#19

Quote
Removed it, did a malware scan and did a search for all the files that were created/last accessed in the last 20 minutes and I didn't find any new or suspicious files or any extra running processes or msconfig service/startup entries so now I'm wondering if it had any persistent elements to it as I don't think so but I'm curious about others. Did it also target other wallets?

I have never heard yet that they also targeted other wallets. If you want to make sure that your PC is safe, scan the whole PC with Malwarebytes, and a deep scan with Kaspersky might find some suspicious activity in your PC. Also, I recommend you use IObit advance uninstaller to fully remove all traces from your PC, including Regedit, before you install the legit Electrum wallet.

So far my other wallets are safe, I was able to do a successful transaction after I got phished with a small amount.
I don't need to reinstall my OS as I believe my antivirus would detect if there are some traces left, hopefully I'll be safe and I would regret it if my funds are stolen again since I didn't follow others' suggestion to have my PC fresh.

Pmalek
Legendary
March 08, 2019, 09:17:55 AM
#20

Quote
I don't need to reinstall my OS as I believe my antivirus would detect if there's some traces left, hopefully I'm be safe and I would regret if my funds will be stolen again since I don't follow other's suggestion to have my PC fresh.

I wouldn't risk it if I were you. If you have a lot of assets worth protecting on that PC just reinstall it to be perfectly safe. If you had a fake software installed who knows what else it could have done to your system that your AV hasn't yet picked up! 
