As usual, I opened my Electrum Wallet and tried broadcasting transaction from this address (where I had my funds)

https://www.blockchain.com/btc/address/1NJi2xFKw52PsXKBcxMwPFFVrEsJRcM5we

Now I run electrum on my Mac and have been using that address for a while. I entered the transaction details and hit send. It threw an error that the transaction cannot proceed since I'm using an outdated version of electrum which has a potential security vulnerability. It displayed a pop-up screen with links to download the updated wallet and said the links cannot be copied since I've to paste them in the browser manually. You know, when it's happening inside Electrum's official wallet, you tend to blindly trust it. I think I was wrong. I went ahead and downloaded the wallet from that link, opened it and BOOM. My money was sent to this address :

https://www.blockchain.com/btc/tx/35412ea62a34876e38f3668a6ab0259f9d0113d04006191edeb23e5fef0fa915 [TX ID]

bc1qcla39fm0q8ka8th8ttpq0yxla30r430m4hgu3x


The awkward part was this time the electrum ICO to open the app was different


Further investigating, I found the file that I downloaded was from the website: https://goelectrum.com/#home which is an absolute rip-off of https://electrum.org/#home the official website. This is pretty much clear that this was a hack. What bothers me is how I got hacked through an official Electrum wallet without having malware or anything.

I lost good $500 folks, stay safe out there.

I added electrum's github into bookmarks and I check it every time before sending transaction. Everyone pays own price to learn safety.

Get rid of "Electrum Official Wallet" in the title, as it's clearly not official. Very misleading.



That is malware.

Firstly, you misunderstand the OP because I don't see any mistake he made which was some sort of blame or accuse and the only mistake OP made was that he's aware of the malicious messages sent to electrum user and holding your fund in an outdated wallet is also not a good idea either. I will advice the OP to raje heart, use conc antivirus and be security conscious because Mac user are hacker target this days. Besides, OP need to remove the official wallet in this thread topic cause the wallet was not downloaded from electrum official site.

Older versions of electrum allows electrum servers to serve clients custom error messages that include text. The electrum server that Joel_Jantsen was connected to served him the error message saying to download the fake "electrum" wallet that contain malware.

The original wallet software that Joel_Jantsen was using was not malware.

As of now, electrum servers will not connect to older versions of electrum, so they will naturally find the *real* website to download from.   

Yes, I missed that scam link! I should have been more updated on the issue. I'm just posting this so if there are still users who are living under the cave can benefit from it.

Thanks for the kind words man. It's only after the loses we learn so I guess I gotta be more careful next time. This is sad because I'm a developer/Ethical Hacker myself and I fell for this so easily.

It's official because the malware was infected inside of the official wallet and not something I downloaded externally. Of course, the downloaded was from outside electrum but I got linked to that from inside of electrum.

That is the hard truth yes but again electrum was the primary source of the hack.

Absolutely!

@Everybody else: Thanks for your kind words. Don't trust anything without cross verifying.

We could report it to their web hosting. According to WhoIs, they are hosted on netengi.com servers.

And according to NetEngi's ToS:

Source: https://netengi.com/tos.html

I will send them a message.

Thanks but they will be up again with the new servers in no time. To solve the problem from the root, old versions of electrum should throw an error message to update the wallet using the official link. The phishing error is thrown when we hit the send button, the update to wallet message must be displayed on opening electrum.

Yes, I figured that out.

After reading this I transferred all my coins to Exodus, it's not safe to use Electrum anymore, I have been reading a lot of this in the past, I just hope it will never happen to Exodus and Greenwallet, which I'm using right now, but I will remember this and only download from official source.

It's not that Electrum isn't safe. People aren't safe.

Some guy found a small exploit on the way the client showed the error messages from the server, and they used that to make users go to a fake website and download an infected wallet. If the user has the idea on mind that only ELECTRUM.ORG is legit, he will never fall for this kind of stuff. This is more of a social engineering issue than a security issue. For now, Electrum is still pretty safe.