Version 4.0 scam

[splashy55]

I seem to have fallen victim to the version 4 scam.  I sent coins close to but comfortably under balance to allow for fees, and next thing I know, balance is BTC 0, and vendor received nada.
Once I downloaded the correct version, I see my wallet recorded transaction, with a transaction number, and inputs and outputs.  Could these numbers help me recover coins, or help others find the thief? Or are they just bogus, as I'm suspecting?

[1715002232]

1715002232

[1715002232]

1715002232

[1715002232]

1715002232

[BitMaxz]

I see my wallet recorded transaction, with a transaction number, and inputs and outputs.  Could these numbers help me recover coins, or help others find the thief? Or are they just bogus, as I'm suspecting?

Once the transaction is sent there is no way to recover or reverse the transaction and also you can't find the thief who stole your bitcoin through TXID.

I hope next time you can clarify the thread title and content it's honestly hard to understand. I guess you are talking about Electrum 4.0 which is phishing or fake wallet.

Where did you download it?

The current latest version of Electrum wallet is 3.3.4 and the correct URL where you can download the original electrum is electrum.org so you have been scam with fake Electrum.

[splashy55]

My apologies, new here. I meant to post under the topic Electrum. Also mistakenly thought peeps might be familiar with scam.  I did just identify the site, looking at metadata from the .dmg still in my Downloads. Here's the url: https://electrumsecure.org/download.php?file=4.0.0/electrum-4.0.0.dmg.  stay away!

[BitMaxz]

When did you download this?

Weird the link you provided above is no longer work or it shows file not found I tested it using browsling to test the URL above.


It seems the site is currently offline but there is a possibility that the website will be alive again and I can access the site with firefox so I reported it to Firefox.

Also, beware on other phishing websites that listed from here https://bitcointalk.org/index.php?topic=5126880 and follow the guide on how to block phishing sites.

[djhomeschool]

Can you please share us how you came to this link? Was it a Google ad?

[joniboini]

Can you please share us how you came to this link? Was it a Google ad?

Tried to search about Electrum on Google but it shows no ads on me. Is it just or does Google stop showing ads?
Btw, another possibility is DNS hijack, he might type the site correctly but end up on another website.

When did you download this?

Weird the link you provided above is no longer work or it shows file not found I tested it using browsling to test the URL above.

This is typical for Electrum phishing attack. After one or two people download the file it will be disabled and then will be uploaded again by the attacker to other sites.

[nc50lc]

It's ".php" and there's more than just "download" that's being offered there.
@splashy55 remove the link from your post above or add a warning saying "don't click, malicious site".
Also, it's possible to make the site to display "file not found" and appear to be "taken down" with a script.

Here's a solid evidence that there's something fishy going around there than just the obvious non-existing version of Electrum:
https://www.virustotal.com/gui/url/e7d16019c504c111f422f496cbc2ef037c70a6dedf1f0a1b0f76dc2728877760/detection

Avira: Phishing
Emsisoft: Phishing
Fortinet: Phishing
Kaspersky: Phishing
Netcraft: Malicious

Avira is one of the most "picky" AV when it comes to detection but when it does, it's 100% positive.

[FreeSprout]

Hello everyone, sorry for barging in.

I almost fell for this today, an hour ago! The worst part is that I was prompted through the official real application to update to the fake 4.0.0 version.

It went like this:

Open Electrum,
Receive BTC from another wallet,
Attempt to send BTC from Electrum to another wallet,
Prompted by error message saying that I have to update to version 4.0.0 because of a security risk,
Click on download link provided,
Avast went into full panic and locked everything down,
I try to bypass it several times but it is stubborn as FUCK, eventually it just deleted the file without ever letting me run it,
Go to official website to redownload, realize the latest version is actually 3.3.4,
Bought 1 year Avast premium.

Tried to redownload the fake version to atleast but it is now refusing my connection.

Here is the fake site, half the links arent working. No signatures or anything.
https://electrum.mx/index.html#download <- PHISHING VERSION, DO NOT DOWNLOAD
https://electrum.mx/index.html#home      <- PHISHING VERSION, DO NOT DOWNLOAD

Hopefully I've done my part.

[nc50lc]

I almost fell for this today, an hour ago! The worst part is that I was prompted through the official real application to update to the fake 4.0.0 version.

That's only possible if you're still using the old version (< v3.3.3): Bug Report.
It's best to update your Electrum right now since it will be harder to find a server to connect to using those older versions,
there's a high chance that you'll pick the hacker's server.

[stomachgrowls]

People should have atleast some good antivirus.Just accessing the link will already give you a prompt.



I dont know why these people just cant go with the official or legit site of electrum which they can make a download?

Always remember that Electrum.org is the only place where you can download this wallet. We are still on 3.3.4 and what the heck on having that version 4 release. 

[Lucius]

People should have atleast some good antivirus.Just accessing the link will already give you a prompt.

Screenshot you posted is not related to any antivirus, it is from browser which is blocking sites which are reported to Google Safe Browsing, and browsers as Firefox then use such database to block phishing / dangerous sites. In Firefox you can just click on Help -> Report Deceptive Site and report any phishing Electrum site. This will help those users who are not aware that we have fake sites which have only one goal, to steal coins from wallet.

[Artemis3]

People should have atleast some good antivirus.Just accessing the link will already give you a prompt.



I dont know why these people just cant go with the official or legit site of electrum which they can make a download?

Always remember that Electrum.org is the only place where you can download this wallet. We are still on 3.3.4 and what the heck on having that version 4 release.  

It is a type of social engineering, coped with bad windows habits ("always download the last version"). While its nice some browsers and anti-malware warn you of these sites, don't rely on them. There are 0day phishing sites as well as malware, that is yet to be reported and recognized.

Even when Electrum officially makes a v4, the phishers will make v5, its never ending, and the money they keep making makes for enough incentive.

This is all a mining operation on bad user habits. The fact that we have to constantly see it here this on this thread proves it.

Sometimes they are subtler, and could make a fake v3.3.5, but 4 sounds more grand doesn't?

I have known such foolishness in person, so i can attest the scammers have still a lot of profit to make. I mean, just how many people out there actually bother to read this forum at all? They would blame it on Bitcoin or Electrum when it was in fact their fault and the scammers.

[stomachgrowls]

People should have atleast some good antivirus.Just accessing the link will already give you a prompt.

Screenshot you posted is not related to any antivirus, it is from browser which is blocking sites which are reported to Google Safe Browsing, and browsers as Firefox then use such database to block phishing / dangerous sites. In Firefox you can just click on Help -> Report Deceptive Site and report any phishing Electrum site. This will help those users who are not aware that we have fake sites which have only one goal, to steal coins from wallet.

Its not Firefox but Google Chrome.This prompt or warning site shows when my ESET NOD 32 do prompt that its been blocked so its on AV itself.