Multiple Qs prompted by the phishing attack re opsec/vulnerability

[N00B4L]

I downloaded electrum-3.3.4-setup.exe from https://electrum.org/#download (address copied and pasted from the tab that is still open in my browser)

i have no reason to believe i have downloaded a compromised version at this point. I have not interacted with the wallet since install.

The sha256 hash of the download i installed the update from from matches other installers acquired from other browsers electrum-3.3.4-setup (1).exe electrum-3.3.4-setup (2).exe (can this, has this been spoofed as far as anyone knows?)


I did not feel comfortable gpg verifying the download. I thought if i was confident i was installing from a link on the actual electrum site that should be enough, but if I install the new version to a new directory and (this part did not go as planned hence me registering here and posting this) "only" restore in the newly installed client a seed from a wallet with a smaller amt of btc as a test and it didn't disappear then i could be confident the new install was legit. (the new install apparently overwrote the previous install, and populated the "recent" wallets from the previous version automatically which i did not expect. So i got paranoid and i am here trying to decide what to do next.)

If I have or will DL/install compromised updates to electrum does the attacker immediately gain access to every (seed)wallet>addresses that i can toggle between under file>recently open? (so my btc in all "recent" wallets are already gone)

If yes how can i prevent the electrum client from being a central point of failure in the future for all wallets/coins stored (hot) on that device (Passwords? moving .dat out of a directory, and zip-encrypting it...??) shy of a watch only + airgapped machine, which i will get to eventually but not now.

(If no, i am actually OK with a limited attack surface of one seed/wallet at a time, I generate a new seed for each new receive address, so if i would find out i was compromised losing the contents of one wallet and be able to protect the rest of the hot seeds/wallets it would be acceptable risk.)

If i already installed a compromised version but not all coins across all seeds/wallets listed in recent have been swept instantly (i did not broadcast any transactions), what steps can i take to protect funds in the other "recent" hot seeds/wallets?


Of course any other advice/links on general opsec could be useful, but honestly if only one wallet at a time is at risk of being compromised that is a level of risk i am fine with in perpetuity.

Thank You

[jackg]

Is there a (1) at the end of the file? That might be making it hash differently if so os dependent...

If the wallet apps infected with something the only thing you should do (if you have all the seeds) is completely reinstall the os on your computer.

Chances are the files aren't infected if downloaded from the website.

[N00B4L]

they all hash identically despite different names given to copies of what i assume are the same file.


In the immediate sense what i would want to avoid is the situation where the BTC from other wallets havent been stolen yet, but somehow they will be when i attempt to broadcast a transaction or generate a new seed in a compromised client.

Otherwise they are already gone and i cant do anything about that, or they are already as safe as they were before the new installation.


It does bother me that i had thought i was being clever protecting myself by separating funds into different wallets every time i receive new btc but it occurs to me now that very much may not be the case.

[jackg]

Back when transaction fees were high and people needed to pay for transactions to be confirmed more than normal, pools used to offer a transaction acceleration service. You could try contacting the owner of f2pool I think they're active on the forum (I'm not sure of their name though you could pm quicksellers first in order to get it).

Edit: the owner is macbook-air but he's been away for a while https://bitcointalk.org/index.php?action=profile;u=16114. Message a few pools support with the transactions.

[N00B4L]

I think you meant this for a different thread

[jackg]

Post 3 paragraph 2 is what I was replying to? How to stop that exact sort of attack from happening. Pool owners can put transactions into blocks without them being broadcast. Bitmain and f2pool I know of have special software for including their own transactions.

[N00B4L]

Aah, OK, that was well over my head but i think i kind of understand the general idea now.

Hopefully there is something local i could do to keep the various seed/wallets isolated from one another so the only wallet vulnerable to a potentially corrupted client would be the currently active one.

At this point my best guess would be to find and delete the wallet.dat files of all wallets and restore one by one from seed. (or restore them as a format that doesn't allow more than one to be stored in "recent" at a time but i don't know how to do that or if its possible)

[Abdussamad]

The sha256 hash of the download i installed the update from from matches other installers acquired from other browsers electrum-3.3.4-setup (1).exe electrum-3.3.4-setup (2).exe (can this, has this been spoofed as far as anyone knows?)

All this tells you is that you correctly downloaded the same file. It doesn't tell you whether this file is legit electrum or fake electrum. That's why we do gpg signature verification. When you do that you are checking that the maintainer has signed the file in addition to checking that you downloaded it correctly. If you trust the maintainer ThomasV then you can trust the download.

I did not feel comfortable gpg verifying the download. I thought if i was confident i was installing from a link on the actual electrum site that should be enough, but if I install the new version to a new directory and (this part did not go as planned hence me registering here and posting this) "only" restore in the newly installed client a seed from a wallet with a smaller amt of btc as a test and it didn't disappear then i could be confident the new install was legit. (the new install apparently overwrote the previous install, and populated the "recent" wallets from the previous version automatically which i did not expect. So i got paranoid and i am here trying to decide what to do next.)

You can still gpg verify the download so I suggest doing that. That'll make your life a lot easier. Here's a guide. You learn how to do this once it serves you every time you need to update electrum going forward. Electrum gets updates a lot so you will need this knowledge.

If I have or will DL/install compromised updates to electrum does the attacker immediately gain access to every (seed)wallet>addresses that i can toggle between under file>recently open? (so my btc in all "recent" wallets are already gone)

The wallet file is encrypted with the password you set in electrum. So the attacker gets access to your coins as soon as enter the password. If you never do that he doesn't get access to your coins although there's still the possibility that he installed other malware on your PC. It's also possible that he may get your encrypted wallet secrets and attempt to brute force your password at his convenience. So if you never entered the password you should still move your coins to a new wallet.

If yes how can i prevent the electrum client from being a central point of failure in the future for all wallets/coins stored (hot) on that device (Passwords? moving .dat out of a directory, and zip-encrypting it...??) shy of a watch only + airgapped machine, which i will get to eventually but not now.

You can't. If the wallet is malware it doesn't matter what you do you will lose your coins.

If i already installed a compromised version but not all coins across all seeds/wallets listed in recent have been swept instantly (i did not broadcast any transactions), what steps can i take to protect funds in the other "recent" hot seeds/wallets?

Reinstall the OS, download, gpg verify and install genuine electrum and then move your coins to new wallets with new autogenerated seeds. You can create a new wallet via file > new/restore, enter a unique filename and click next for the rest of the steps.

Of course any other advice/links on general opsec could be useful, but honestly if only one wallet at a time is at risk of being compromised that is a level of risk i am fine with in perpetuity.

Thank You

Learn to gpg verify the download and save yourself the headache and worry.

[N00B4L]

Thank you for the detailed reply.

The GPG process involves installing software that i haven't verified, which could itself be malware. I couldn't figure out a way past that dilemma. Its a chicken or the egg situation if i already have btc on the device.


I imagine I am not the first to mention this but just in case...

It seems like an inelegant design to have no way to protect various wallets from the client. (malware that would seek out and open wallets should get flagged by scans, unlike hard coded send addresses employed in some of these attacks), that cant be a relatively easily remedied oversight in design can it, because it seems quite valuable to add if it is possible? (fingers crossed for future versions)

Also is there a way to install several instances of electrum on a single device, one for each seed? (are there other lite clients comparable to electrum?)

The simplest most intuitive way for someone less savvy to protect themselves from catastrophic loss is "not putting all your eggs in one basket"

(or more appropriately, not putting all your eggs in 3 baskets when you could spread them over 30 or 300. Losing 1/3 of your btc is devastating losing 1/300th would make you relieved you were alerted to a security issue cheaply by comparison)

[jackg]

To be honest. It's slightly on you for not setting a password. If you had a strong password on all the other wallets then you can consider those safe.

What OS are you using? Windows has a built in way to check signatures and so does Linux. (although debian and Ubuntu have usually outdated stuff). I don't like installing anything related to signature validation either but its more likely the key for that is on your computer already.

Password protecting the wallet is the only solution. A malicious wallet can copy your entire file system. In the background while you don't notice (it could actually be doing it now theoretically). Heuristics can track down these sort of files easily.

[N00B4L]

Ya its definitely on me for not seeking out these answers sooner, but I'm working through the appropriate paranoia now, hopefully while incurring no losses due to lax procedures in the past.


so using wallets with strong passwords will leave just the active wallet vulnerable at any given point? (I'd be happy with that)


Windows 10 (i thought windows was the OS without a native process for it)

[jackg]

Whenever I run my wallet it gives me the run or cancel dialog which it would do for you on install I think.

It says its signed by "electrum technologies Gmbh" for me and I don't remember importing keys for it...


Generally sometimes it'll say unknown publisher but if you click on properties it usually doesn't once its signed.

[N00B4L]

The installer has "2013-2018 Electrum technologies GmbH" under copyright and under Digital Signatures, name of signer (without 2013-2018) with a timestamp of Wednesday February 13, 2019 4:57:17 PM but that is a different type of verification than the GPG4win method which is the only signature verification method i have seen suggested.

[Abdussamad]

Once you install malware on a system you should consider that entire system compromised. Installing multiple copies of electrum won't do anything for you.

However if this is a general question regarding support for multiple wallets then that is definitely there. You can create new wallets and switch between them.

[N00B4L]

Ya, I have no reason to believe there is anything wrong with my current (un-GPG verified) installation of electrum but i am far less safe than i believed i was if a malicious electrum install can sweep coins from all wallets/seeds on the device.

I follow the steps here every time i generate an address to receive bitcoin:
https://bitcoinelectrum.com/creating-an-electrum-wallet/#comment-7419
(Standard, New seed, Legacy, password-left blank which now seems like some degree of mistake)

What steps should i take so in the future should i install a corrupted version of electrum client that only the contents of the active seed/wallet would be lost, not other wallets on the same device?

IE:
Electrum client (corrupted)>>
-wallet0 (old) >BTC(spent, dust, unimportant)
-Wallet1(ACTIVE) >BTC (stolen)
-Wallet2 >BTC (safe)
-Wallet3 >BTC (safe)
-Wallet4 >BTC (safe)
-Wallet5 >BTC (safe)
.......
.....

^^ is that possible? What steps do i have to take?

[Abdussamad]

You can set a password via wallet > password. Be sure to write down the seed before you do this in case you forget your password. Seed can be referred to via wallet > seed.

I've already explained above that if you install malware nothing on your system will be safe. The only step you can take is to not install malware in the first place. Learn to verify the gpg sig so you don't install malware by accident.

[HCP]

What steps should i take so in the future should i install a corrupted version of electrum client that only the contents of the active seed/wallet would be lost, not other wallets on the same device?
IE:
Electrum client (corrupted)>>
-wallet0 (old) >BTC(spent, dust, unimportant)
-Wallet1(ACTIVE) >BTC (stolen)
-Wallet2 >BTC (safe)
-Wallet3 >BTC (safe)
-Wallet4 >BTC (safe)
-Wallet5 >BTC (safe)
.......
.....

^^ is that possible? What steps do i have to take?

I think I understand what you're saying... you're wanting each Electrum instance to only have access to ONE wallet file... so if you accidentally update with a "BadElectrum"™, only the contents of that one wallet will be at risk...

If you are on Windows and use the "Installer" or "Standalone" versions... then no, it will store your wallet files in your "%AppData%/Electrum/wallets" folder... However, if you use the "portable" version, it looks for (and/or creates) a "wallets" sub-folder in the folder where you execute the .exe from...

So... if you created a random directory somewhere... ie. "SuperSecretElectrumFolder"... and then created subdirectories for each wallet... and put a unique copy of the portable .exe in those subdirectories, it would essentially do what you're looking for.

Starting with:
C:\MyElectrumFolder\wallet1\electrum-3.3.4-portable.exe
C:\MyElectrumFolder\wallet2\electrum-3.3.4-portable.exe
C:\MyElectrumFolder\wallet3\electrum-3.3.4-portable.exe
...
C:\MyElectrumFolder\walletX\electrum-3.3.4-portable.exe


After running each portable.exe and creating a wallet, you would then end up a folder structure like this:
C:\MyElectrumFolder\wallet1\electrum-3.3.4-portable.exe
C:\MyElectrumFolder\wallet1\wallets
C:\MyElectrumFolder\wallet1\wallets\default_wallet

C:\MyElectrumFolder\wallet2\electrum-3.3.4-portable.exe
C:\MyElectrumFolder\wallet2\wallets
C:\MyElectrumFolder\wallet2\wallets\default_wallet

C:\MyElectrumFolder\wallet3\electrum-3.3.4-portable.exe
C:\MyElectrumFolder\wallet3\wallets
C:\MyElectrumFolder\wallet3\wallets\default_wallet

...

C:\MyElectrumFolder\walletX\electrum-3.3.4-portable.exe
C:\MyElectrumFolder\walletX\wallets
C:\MyElectrumFolder\walletX\wallets\default_wallet

When you run any of the portable.exe's it would only see the "default_wallet" file that exists in it's own folder structure...


However, as Abdussamad has already indicated... you can't really know for certain that a malware version of Electrum isn't doing things other than just sending your coins or seed to a thief... it's quite possible it could be installing all sorts of rogue scripts, processes, viruses, keyloggers etc...

This portable.exe setup would ONLY save you from the very "basic" attack that involves waiting until you start the fake wallet, open your wallet, enter password and sending either the decrypted seed or autosending a transaction containing all your coins.

Verifying the digital signature of the Electrum installer or portable.exe files is the best way to safeguard from fake versions of Electrum.

[N00B4L]

Yes! That sounds like just what I'm looking for! I will check into the portable version.

"BadElectrum"™ only getting the one associated wallet before i discover the breach is a small price to pay for more peace of mind. (though with a name that catchy, perhaps it deserves more)


I did DL and checksum GPG4win on a 'disposable' device but didn't finish installing and GPG verifying the DL yet, but ill eventually get comfortable with it.

[jackg]

That's not the perfect solution.. Just encrypt your wallets.

There are time-based malware. What if you decrypt everything and after a month or a few days, all your keys are sent to a main server. They then batch broadcast a load of transactions and all your coins are gone (this IS about as possible as the last attack).

[HCP]

Yeah... exactly. You're relying on the malware makers to be very lazy and implement a very simple and "immediate" attack. A "delayed" attack will certainly defeat that setup.

Encrypting the wallet files (possibly with different passwords) and checking/verifying the digital signatures of downloaded installers is really the best form of defense.