Bitcoin Forum
September 23, 2019, 06:52:03 PM *
News: If you like a topic and you see an orange "bump" link, click it. More info.
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: Electrum under Siege by Bots, again!!  (Read 209 times)
shasan
Copper Member
Sr. Member
****
Offline Offline

Activity: 546
Merit: 334

Need a Bounty Manager? t.me/shasan32


View Profile WWW
April 30, 2019, 10:35:11 AM
 #1

Quote
Electrum Wallet Botnet Infects 150,000 Machines, Steals $4.6 Million in User Funds.
See details by clicking on the image:

1569264723
Hero Member
*
Offline Offline

Posts: 1569264723

View Profile Personal Message (Offline)

Ignore
1569264723
Reply with quote  #2

1569264723
Report to moderator
1569264723
Hero Member
*
Offline Offline

Posts: 1569264723

View Profile Personal Message (Offline)

Ignore
1569264723
Reply with quote  #2

1569264723
Report to moderator
1569264723
Hero Member
*
Offline Offline

Posts: 1569264723

View Profile Personal Message (Offline)

Ignore
1569264723
Reply with quote  #2

1569264723
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1569264723
Hero Member
*
Offline Offline

Posts: 1569264723

View Profile Personal Message (Offline)

Ignore
1569264723
Reply with quote  #2

1569264723
Report to moderator
1569264723
Hero Member
*
Offline Offline

Posts: 1569264723

View Profile Personal Message (Offline)

Ignore
1569264723
Reply with quote  #2

1569264723
Report to moderator
suchmoon
Legendary
*
Offline Offline

Activity: 2072
Merit: 3953


Pedal-powered plaguebot


View Profile
April 30, 2019, 12:30:29 PM
 #2

Again, not a scam accusation. Move.

shasan
Copper Member
Sr. Member
****
Offline Offline

Activity: 546
Merit: 334

Need a Bounty Manager? t.me/shasan32


View Profile WWW
April 30, 2019, 12:34:32 PM
 #3

Again, not a scam accusation. Move.
Thanks, just moved to bitcoin discussion from scam accusation board. I think now it is okay, if not let me know. Thanks a lot.
DeathAngel
Legendary
*
Offline Offline

Activity: 1414
Merit: 1122


One of the world's leading Bitcoin-powered casinos


View Profile
April 30, 2019, 01:36:13 PM
 #4

I don’t know why anybody is still using Electrum, this happens all the time. People download a gogus update & BAM, their coins are gone. Makes me sad to see it.

BitBustah
Hero Member
*****
Offline Offline

Activity: 1232
Merit: 534



View Profile
April 30, 2019, 01:47:40 PM
 #5

Is this real? Yet another problem with Electrum.

Time to switch to a different wallet, this is unacceptable.
TryNinja
Legendary
*
Offline Offline

Activity: 1134
Merit: 1489



View Profile
April 30, 2019, 01:50:19 PM
Merited by hilariousandco (1)
 #6

I don’t know why anybody is still using Electrum, this happens all the time. People download a gogus update & BAM, their coins are gone. Makes me sad to see it.
I thought that happened with every kind of software and website? Visit a fake website and BAM, accounts stolen. Download a fake software and BAN, rip passwords, coins and personal data.

It’s up for the user to identify what is real/safe and what is not.

Core has infected impersonators.



Is this real? Yet another problem with Electrum.

Time to switch to a different wallet, this is unacceptable.
It’s a DDoS attack ffs. Nothing really changed from last time.

Did you try reading the article?

Beerwizzard
Full Member
***
Offline Offline

Activity: 518
Merit: 128


View Profile
April 30, 2019, 02:02:10 PM
 #7

Again, not a scam accusation. Move.
Thanks, just moved to bitcoin discussion from scam accusation board. I think now it is okay, if not let me know. Thanks a lot.
There is a special board on this related to Electrum wallet. There you can even stay in contact with Electrum developers: https://bitcointalk.org/index.php?board=98.0
Also it is better to add a link to the source of those news. I would like to see more details.
I don’t know why anybody is still using Electrum, this happens all the time. People download a gogus update & BAM, their coins are gone. Makes me sad to see it.
I guess, the same thing would keep happening with every popular Bitcoin wallet or crypto related service. The more people use it - the bigger piece of cake it would be for scammers.
shasan
Copper Member
Sr. Member
****
Offline Offline

Activity: 546
Merit: 334

Need a Bounty Manager? t.me/shasan32


View Profile WWW
April 30, 2019, 02:04:45 PM
 #8

There is a special board on this related to Electrum wallet. There you can even stay in contact with Electrum developers: https://bitcointalk.org/index.php?board=98.0
It is already on the board you mentioned.

Also it is better to add a link to the source of those news.
Probably you have not read my post. You can see source link if you click on the image. Thanks.
bob123
Legendary
*
Offline Offline

Activity: 1022
Merit: 1529



View Profile WWW
April 30, 2019, 02:16:15 PM
 #9

The 'electrum botnet' (what a stupid name chosen from you) doesn't infect anything with malware.

I might get a lot of hate for this statement, but..
People who can't use their common sense and simply just click on 'download' and 'install' just because there is a known name mentioned somewhere,
should stay far far away from crypto and should never store any sensitive (or for them valuable) information on an electronic device.

Not just that the phishing attempt is very low-skilled, currently there is just a DoS going on.. no infection, no malware, no stealing funds.
If you have your wallet updated to v3.3.3+ (which you should..), you won't even get the cheap phishing message.. just switch to a different server and everything is fine..

Genemind
Sr. Member
****
Offline Offline

Activity: 896
Merit: 253


Free Crypto in Stake.com Telegram t.me/StakeCasino


View Profile
April 30, 2019, 02:16:21 PM
 #10

I used to have electrum wallet, but since previous attacks on it despite their efforts to update their security, it seems that it's really not ideal to use electrum.
Stay safe, better to secure your bitcoin on hardware wallet than online wallets.

bob123
Legendary
*
Offline Offline

Activity: 1022
Merit: 1529



View Profile WWW
April 30, 2019, 02:20:21 PM
 #11

I used to have electrum wallet, but since previous attacks on it despite their efforts to update their security, it seems that it's really not ideal to use electrum.

There was no vulnerability above a 3.0/10 based on CVSS.

All a malicious server could do, is to show you a message. That's all. No influence on confidentiality, integrity, availability.
The security is (and was) high. At least as good as a software wallet can be. No influence at all.



Stay safe, better to secure your bitcoin on hardware wallet than online wallets.

Electrum is not an online wallet. It is a software- (or desktop-) wallet.




Edit:
If you can't find a server which is not under DoS and not malicious, ask mocacinno to whitelist your IP for his server.
He is voluntarily hosting an electrum server for the bitcointalk.org community.

JollyGood
Sr. Member
****
Offline Offline

Activity: 840
Merit: 359


View Profile
April 30, 2019, 07:16:52 PM
 #12

I used to have electrum wallet, but since previous attacks on it despite their efforts to update their security, it seems that it's really not ideal to use electrum.
Stay safe, better to secure your bitcoin on hardware wallet than online wallets.

What were the previous issues with Electrum and when did they occur?

SCAMS|| ADAB SOLUTIONS || BANKERA || BETKING BITSAFE & DEAN NOLAN || BITINGLE || CHANGELLY CHANGENOW & ATOMIC SWAP || COINSBIT || FURTCOIN || FLYP.ME || HITBTC || HOLY TRANSACTION || HUMANCOIN || HUMANITYONE || MINEXCOIN ||
|| MOBILEGO || P2PB2B || REPUBLIA || ROCK TRADING || SOVRANOCOIN || SPECTROCOIN || TOKENPAY || TRADESATOSHI || ULORD || VIBEO || 520bit/vitalii_invest/RoyalTeam ||
|| READ MY FULL SCAM LIST
pooya87
Legendary
*
Offline Offline

Activity: 1764
Merit: 1887


Remember tonight for it's the beginning of forever


View Profile
May 01, 2019, 02:41:26 AM
 #13

I used to have electrum wallet, but since previous attacks on it despite their efforts to update their security, it seems that it's really not ideal to use electrum.
Stay safe, better to secure your bitcoin on hardware wallet than online wallets.

What were the previous issues with Electrum and when did they occur?

the issue was that the electrum servers you connected to could send you any message they liked with any arbitrary contents and your wallet would have shows these messages as received. so some malicious people started exploiting it and started sending links through that message and encouraged people to download a malicious software disguised as "new version" with a fake link. people who fell for that and downloaded this malicious binary without checking the link and the signature of the file (as they should have) lost money.
it happened on December last year (https://github.com/spesmilo/electrum/issues/4968)

traderethereum
Hero Member
*****
Offline Offline

Activity: 1246
Merit: 508


CryptoMania Slots


View Profile
May 01, 2019, 04:18:20 AM
 #14

I think we need to prevent from the thief that wants to steal our bitcoin from the electrum wallet. I already move all of my bitcoin from electrum to another wallet, and I hope that soon after the developer has fixed the problem, it will not get trouble in the future.
But if the wallet is fine and people download the wrong wallet, then the mistake will be on the user side, and they need to double check the links to get the wallet or download the update.


           ▄▄██████▄▄                  ▄▄▄█████▄▄▄
        ▄██████████████▄           ▄▄███████████████▄
      ▄██████████████████▄       ▄████████████████████▄
     █████████▀▀▀▀█████████▄   ▄██████████▀▀▀▀██████████
   ███████▀        ▀█████▀ ▄███████████▀       ▀████████
  ▄█▄█████▀           ▀█▀ ▄███████████▀          ▀███████▌
▄█████▄███              ▄███████████▀             ███████▌
  ▀█▀█████▄           ▄███████████▀ ▄▄           ▄███████▌
   ███████▄        ▄███████████▀ ▄████▄        ▄████████
     █████████▄▄▄▄███████████▀  ▄█████████▄▄▄▄██████████
      ▀████████████████████▀     ▀████████████████████▀
       ▀███████████████▀▀         ▀████████████████▀
          ▀▀▀██████▀▀                ▀▀███████▀▀▀
.CryptoMania.            ▄▄ ▄▄▄▄▄▄
           ▐██████████▄▄██▌
▄▄▄ ▄▄▄▄▄ ▄████████████████▄▄
████████████  ▄█████████████▄▄
▐███████████▌  █████████▀█████████
 ██▀▀ ██████ ▄████████▌▀▀ ▄███████▌
     ██████▐█████████  ▄███████▀▀
    ▐█████████████████▄███████
    ████████████████████████
    ▐████████████████████████
   ▄███▄▐███  ▄█████▄███████▄███▄
  ▐██ ██▐███ ▐███ ███▌ ███ ▐██ ██
   ▀███▄▐███ ▐███ ███▌ ███  ▀███▄
   ██▄█▀▐█████▀█████▀  ███  ██▄█▀

.The Real Slots.........
.Experience on-chain.

.
  $




.
  $
moha sasa
Newbie
*
Offline Offline

Activity: 22
Merit: 2


View Profile
May 01, 2019, 05:47:23 AM
 #15

- I think Electrum was under attack, cause it is one of the best wallet out there. It attract users and so are thieves.

- Any wallet/exchange could suffer from such an attack, the standard here is your knowledge, if you're educated enough you wouldn't lose a single satoshi.
Lucius
Legendary
*
Offline Offline

Activity: 1540
Merit: 1338


Fortis Fortuna Adiuvat


View Profile WWW
May 01, 2019, 09:23:50 AM
 #16

People who can't use their common sense and simply just click on 'download' and 'install' just because there is a known name mentioned somewhere,
should stay far far away from crypto and should never store any sensitive (or for them valuable) information on an electronic device.

Exactly, situation with Electrum has just shown that users know a little about basic use of cryptocurrency or just about using PC / internet in a safe way. Fact that even after all warnings and the time that have passed since the beginning of phising attacks some users still become victims, speaks for itself. I would say that some other solution is far better option for crypto wallet, but users who get tricked with this will probably at some point lost coins even with HW by keeping seed in an unsafe way, or by typing it on some fake software like fake Ledger Live.

JollyGood
Sr. Member
****
Offline Offline

Activity: 840
Merit: 359


View Profile
May 01, 2019, 10:11:38 AM
 #17


What were the previous issues with Electrum and when did they occur?

the issue was that the electrum servers you connected to could send you any message they liked with any arbitrary contents and your wallet would have shows these messages as received. so some malicious people started exploiting it and started sending links through that message and encouraged people to download a malicious software disguised as "new version" with a fake link. people who fell for that and downloaded this malicious binary without checking the link and the signature of the file (as they should have) lost money.
it happened on December last year (https://github.com/spesmilo/electrum/issues/4968)


I see. Thank you for the explanation.

If that issue is now over and has been fixed then I see no problem with using Electrum.

In the event of using Bitcoin just for checking say for example on a server for ecommerce (address generating and payment checking) purposes where a UI would not even be needed, it would still be a great asset to utilise.

SCAMS|| ADAB SOLUTIONS || BANKERA || BETKING BITSAFE & DEAN NOLAN || BITINGLE || CHANGELLY CHANGENOW & ATOMIC SWAP || COINSBIT || FURTCOIN || FLYP.ME || HITBTC || HOLY TRANSACTION || HUMANCOIN || HUMANITYONE || MINEXCOIN ||
|| MOBILEGO || P2PB2B || REPUBLIA || ROCK TRADING || SOVRANOCOIN || SPECTROCOIN || TOKENPAY || TRADESATOSHI || ULORD || VIBEO || 520bit/vitalii_invest/RoyalTeam ||
|| READ MY FULL SCAM LIST
pooya87
Legendary
*
Offline Offline

Activity: 1764
Merit: 1887


Remember tonight for it's the beginning of forever


View Profile
May 02, 2019, 04:23:08 AM
 #18


What were the previous issues with Electrum and when did they occur?

the issue was that the electrum servers you connected to could send you any message they liked with any arbitrary contents and your wallet would have shows these messages as received. so some malicious people started exploiting it and started sending links through that message and encouraged people to download a malicious software disguised as "new version" with a fake link. people who fell for that and downloaded this malicious binary without checking the link and the signature of the file (as they should have) lost money.
it happened on December last year (https://github.com/spesmilo/electrum/issues/4968)


I see. Thank you for the explanation.

If that issue is now over and has been fixed then I see no problem with using Electrum.

In the event of using Bitcoin just for checking say for example on a server for ecommerce (address generating and payment checking) purposes where a UI would not even be needed, it would still be a great asset to utilise.

there was never a problem with using Electrum before either. the user had to ignore a bunch of very important security measures to actually lose his coins. they had to go to a malicious website which was not the official website they had downloaded Electrum before, then they had to install a software while ignoring the importance of checking digital signatures. and to top it off they had to be holding their coins in an online wallet instead of cold storage.

when it comes to wallets the security is not always about how safe the wallet itself is, but it is about how safe and cautious the user is. by simply checking digital signatures and using cold storage more than 90% of the loss cases (in general not just with Electrum) would have been eliminated.

JollyGood
Sr. Member
****
Offline Offline

Activity: 840
Merit: 359


View Profile
May 02, 2019, 10:59:20 AM
 #19

there was never a problem with using Electrum before either. the user had to ignore a bunch of very important security measures to actually lose his coins. they had to go to a malicious website which was not the official website they had downloaded Electrum before, then they had to install a software while ignoring the importance of checking digital signatures. and to top it off they had to be holding their coins in an online wallet instead of cold storage.

when it comes to wallets the security is not always about how safe the wallet itself is, but it is about how safe and cautious the user is. by simply checking digital signatures and using cold storage more than 90% of the loss cases (in general not just with Electrum) would have been eliminated.


I will not sync a full Bitcoin chain on my hard drive, that is why I prefer Electrum.

SCAMS|| ADAB SOLUTIONS || BANKERA || BETKING BITSAFE & DEAN NOLAN || BITINGLE || CHANGELLY CHANGENOW & ATOMIC SWAP || COINSBIT || FURTCOIN || FLYP.ME || HITBTC || HOLY TRANSACTION || HUMANCOIN || HUMANITYONE || MINEXCOIN ||
|| MOBILEGO || P2PB2B || REPUBLIA || ROCK TRADING || SOVRANOCOIN || SPECTROCOIN || TOKENPAY || TRADESATOSHI || ULORD || VIBEO || 520bit/vitalii_invest/RoyalTeam ||
|| READ MY FULL SCAM LIST
shasan
Copper Member
Sr. Member
****
Offline Offline

Activity: 546
Merit: 334

Need a Bounty Manager? t.me/shasan32


View Profile WWW
May 02, 2019, 11:21:20 AM
 #20

there was never a problem with using Electrum before either. the user had to ignore a bunch of very important security measures to actually lose his coins. they had to go to a malicious website which was not the official website they had downloaded Electrum before, then they had to install a software while ignoring the importance of checking digital signatures. and to top it off they had to be holding their coins in an online wallet instead of cold storage.

when it comes to wallets the security is not always about how safe the wallet itself is, but it is about how safe and cautious the user is. by simply checking digital signatures and using cold storage more than 90% of the loss cases (in general not just with Electrum) would have been eliminated.


I will not sync a full Bitcoin chain on my hard drive, that is why I prefer Electrum.
If you use electrum then it will not occur any problem until you open any phishing link. If you open any phishing link then you may loss all of your funds.
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!