Never use ELECTRUM WALLET!

[jeri01]

I have not used this wallet for years, i have alreay forgotten about it on my PC,at some moment i needed to pay some online service , it adviced me to pay via wallet and it showed up , the message occured with error then to uprgrade your old version, of course it is natural after to 2 years. Yes i understand my fault that i should check signatures , download directly from the site and other blablabla. But where is assurance that in new version of software will not happen the same shit. I think that is partly developers fault that we lose our money. I am absoultely lost, it was all my earnings  i accumulated , the sum is really big, the main idea now is to kill somebody who involved

[Rath_]

But where is assurance that in new version of software will not happen the same shit.

The same thing won't happen again since it has been already fixed. Before the 3.3.3 update was released, Electrum had never notified users of available updates. You are the one at fault. No wallet is completely secure and bug-free.

[jeri01]

But where is assurance that in new version of software will not happen the same shit.

The same thing won't happen again since it has been already fixed. Before the 3.3.3 update was released, Electrum had never notified users of available updates. You are the one at fault. No wallet is completely secure and bug-free.

who knows about that? 10% user who sitting on this forum? I am not a one ,try use google seach there are thousend victims!

the same thing of course will not happen but the other one can happen easily. The product is raw and they are testing bugs by our money lost

[Rath_]

who knows about that? 10% user who sitting on this forum? I am not a one ,try use google seach there are thousend victims!

I am aware of that. Still, all of these users are at fault for not using the common sense. If you had looked at your address bar, you would have noticed that you were not on the official website. Everything that involves money should be proceeded with extreme caution. Do you check if you are on the correct website when logging in into your bank account? That's basically the same.

[bitmover]

. I am absoultely lost, it was all my earnings  i accumulated , the sum is really big, the main idea now is to kill somebody who involved

You know deep inside that you should have never left such a really big amount in a desktop wallet. That you should have bought a hardware wallet.

Desktop Wallets in your daily PC are just for a few bucks. Buy a ledger or a trezor and never lose money again.

[jeri01]

. I am absoultely lost, it was all my earnings  i accumulated , the sum is really big, the main idea now is to kill somebody who involved

You know deep inside that you should have never left such a really big amount in a desktop wallet. That you should have bought a hardware wallet.

Desktop Wallets in your daily PC are just for a few bucks. Buy a ledger or a trezor and never lose money again.

i always used apple app on my iphone, the thing was that i didn't know that electrum is still installed on my PC and linked to my wallet from the old times

[bitmover]

i always used apple app on my iphone, the thing was that i didn't know that electrum is still installed on my PC and linked to my wallet from the old times

That's not any better either.

Actually, sharing the same seed on two insecure environments will just double risk your funds....

Just buy a hardware wallet, or study good security practices like making an airgapped computer (there are also risks involved if you make a mistake or ignore some security recommendations).

[bob123]

Yes i understand my fault that i should check signatures , download directly from the site and other blablabla. But where is assurance that in new version of software will not happen the same shit. I think that is partly developers fault that we lose our money.

The developers are at fault that you have fallen for a phishing message ?
It is stated on the website (and on this forum and almost everywhere on the internet) that you need to verify the signature to make sure you are using the original software.

I am sorry to say, but only you are at fault. No one else.

I am absoultely lost, it was all my earnings  i accumulated , the sum is really big

So you were storing all of your coins on a wallet shared between your computer and your mobile phone ?

It seems you need to reconsider how you store your coins. Try to acquire knowledge regarding secure storage of sensitive information. This forum is a good place to do so.
If the sum was really big, why did you store it on a computer which is connected to the internet, shared with your mobile phone  Why no hardware- or paper wallet ?

who knows about that? 10% user who sitting on this forum? I am not a one ,try use google seach there are thousend victims!

Verifying the signature is common sense if you spend at least half an hour reading about securing funds.

the same thing of course will not happen but the other one can happen easily. The product is raw and they are testing bugs by our money lost

Just read what the website says and follow. Verify the signature and don't click on any link you see. As easy as that.

[jeri01]

Yes i understand my fault that i should check signatures , download directly from the site and other blablabla. But where is assurance that in new version of software will not happen the same shit. I think that is partly developers fault that we lose our money.

The developers are at fault that you have fallen for a phishing message ?
It is stated on the website (and on this forum and almost everywhere on the internet) that you need to verify the signature to make sure you are using the original software.

I am sorry to say, but only you are at fault. No one else.


Of course it is electrum faullt, because software has holes. I opened original programm not fake and it adviced me to down load upgrade, my fault is only that i have not learnt all these information before. But how do i know if i open ORIGINAL SOFTWARE!?

I am absoultely lost, it was all my earnings  i accumulated , the sum is really big

So you were storing all of your coins on a wallet shared between your computer and your mobile phone ?

It seems you need to reconsider how you store your coins. Try to acquire knowledge regarding secure storage of sensitive information. This forum is a good place to do so.
If the sum was really big, why did you store it on a computer which is connected to the internet, shared with your mobile phone  Why no hardware- or paper wallet ?


Again, the software was installed very far before and would never use in future, the money was safe untill i open that programm

who knows about that? 10% user who sitting on this forum? I am not a one ,try use google seach there are thousend victims!

Verifying the signature is common sense if you spend at least half an hour reading about securing funds.



I put m money on blockchaing and forgot about it , i am not sitting on forums

the same thing of course will not happen but the other one can happen easily. The product is raw and they are testing bugs by our money lost

Just read what the website says and follow. Verify the signature and don't click on any link you see. As easy as that.

[bob123]

Of course it is electrum faullt, because software has holes. I opened original programm not fake and it adviced me to down load upgrade, my fault is only that i have not learnt all these information before.

A message from the electrum server you were connected to told you to update the software.

If you would have checked the link, you would have realized that it lead you to a fake website (or to github without any source code).
This, combined with the fact that you didn't verify the signature, lead to your funds being stolen by malware.

But how do i know if i open ORIGINAL SOFTWARE!?

As already mentioned, verify the signature before installing (as stated on the website).

Again, the software was installed very far before and would never use in future, the money was safe untill i open that programm

1) It was never very secured if you stored it on an online computer AND your mobile phone.

2) They got stolen once you downloaded and installed malware, electrum is not at fault.

[o_e_l_e_o]

If you used Chrome to download a fake version of Chrome, installed it, opened it, used it for online shopping, and typed all your personal info and credit card details in to it, would it be Google's fault when your credit card gets cloned and used by someone else? If someone phones you up and tells you to transfer all your money to their bank account, and you do it, is it Apple's fault for providing you with a phone? The Electrum website quite clearly states right at the top "Do not download Electrum from another source than electrum.org, and learn to verify GPG signatures." If you ignore their clear instructions and do things they tell you not to do, then you can't hold them liable when things go wrong.

Software wallets, in particular mobile wallets, should never be considered truly safe anyway. If you wanted to protect your coins long term, then you should have invested in a hardware wallet or an airgapped machine.

[jeri01]

ok but my credit card has second security stage,limits etc and i never care about it althought never downloaded fake chromes. I just wanted to say people who created electrum should be more responsible for security as bitcoin is not protected at all.  Everything looks very tricky, you open your old version programm, it asks for the upgrade, of course how you can suspicious about that if you are an ordinary user who check your wallet once in 2 years and never sitting on forums. All you write here is true but it works only for very attentive people sitting here

[o_e_l_e_o]

ok but my credit card has second security stage

And so do crypto exchanges, where many newbies store their coins. The whole point of bitcoin is to "be your own bank" and not have to rely on a third party to look after your coins for you. You have complete control over your own money, which is very powerful, but yes, also risky if you don't know what you are doing. If you weren't confident in your ability to securely hold your coins yourself, then you should either of spent more time reading and learning, or handed over your coins to someone else to look after on your behalf like you do with fiat and banks.

I just wanted to say people who created electrum should be more responsible for security as bitcoin is not protected at all.

Bitcoin is far more secure than fiat, provided you use software properly and properly secure your wallets. If you download a program and then ignore instructions and use it incorrectly, I'm afraid the fault is with you, not the developers.

[subby123]

Sorry for your loss, these darn phishers seem to be getting away with a lot of stolen funds D:

If I may,  how much was lost?

[Pmalek]

The only mistake Electrum developers did was to allow servers to send those messages. But that mistake was realized and rectified in version 3.3.3.
It sucks to lose your money, I am sure. But this is 99% your fault. Nothing anyone says here can change the fact that your funds are gone.
I have been properly using Electrum for a long time and never had any problems. I also use cold storage options for the crypto that is worth saving.

[Lucius]

What is the point to talk to someone about something that is supposed to do long time ago? He is not first and certainly not the last person who will lose money in this way, this is unfortunately something that will happen for years to come. As I said before, there are those who open their wallets every one or two years, or in time when BTC price is going up - probably 8 of 10 will download that fake wallet.

There is no doubt that the main culprit in this story is Electrum developers who have not noticed this vulnerability, and in doing so they allowed some bad people to steal large quantities of BTC, and they will do that for years.

So we can say that users are guilty of becoming victims of phisning, and this is true - same as Electrum is guilty for served as the perfect platform for such an attack.

[NeuroticFish]

So we can say that users are guilty of becoming victims of phisning, and this is true - same as Electrum is guilty for served as the perfect platform for such an attack.

Somehow I fear it's not emphasized enough that people should not keep big amounts of money in hot wallets, wallets that go online, even if that happens very seldom.
Just because all the bad things can happen, no matter whose fault is.

I mean: we (as community) kept telling people that web wallets are not safe enough. But hot wallets can be a problem too.

[bob123]

So we can say that users are guilty of becoming victims of phisning, and this is true - same as Electrum is guilty for served as the perfect platform for such an attack.

I don't feel like electrum is responsible for anything.

It is an open source wallet and everyone should use common sense when dealing with sensitive information (what private keys are).
You can't blame electrum for serving as a kind of platform to perform such attacks. You'd have to also make banks responsible for online-banking or check-fraud and the universities of the US for creating email - which is the most common 'platform' for phishing.

Just because someone offers a platform or technology, doesn't mean he is responsible for anything which happens with it.
You don't blame Satoshi for creating bitcoin and the involved crimes (blackmailing, money laundering, etc..), do you ? Or the Gov for their FIAT and the involved crimes (drug dealers and hitmen being paid with FIAT, etc..) ?

[Lucius]

I don't feel like electrum is responsible for anything.

You mix things that should not be mixed -  banks, universities or fiat are something completely different then cryptocurrency. How can you say that Electrum developers "is responsible for anything", they develop that software and they did not see that vulnerability which was used for distribution of fake wallet.

Let's put aside ignorance of users, they are the victims of their ignorance, but it all start with exploit in Electrum - saying that all blame is on users is not fair in my opinion.

I mean: we (as community) kept telling people that web wallets are not safe enough. But hot wallets can be a problem too.

I agree that there is a problem in fact most of us maybe create public opinion by saying "Do not use web wallets", and most users think desktop wallets are safe option. I am not sure is it more appropriate to direct users to hardware wallets, so far they are safe, but who can guarantee that this will be the case tomorrow or in a year?

[bob123]

I don't feel like electrum is responsible for anything.

You mix things that should not be mixed -  banks, universities or fiat are something completely different then cryptocurrency. How can you say that Electrum developers "is responsible for anything", they develop that software and they did not see that vulnerability which was used for distribution of fake wallet.

Let's put aside ignorance of users, they are the victims of their ignorance, but it all start with exploit in Electrum - saying that all blame is on users is not fair in my opinion.

There is not a single software without vulnerabilities. Not a single one.

And the vulnerability in electrum has a CVSS score of roughly 3/10.
That is very far away from a sever vulnerability. The severity is low.. at max.

There is absolutely nothing which can happen based on this vulnerability. The user has to make several mistakes in a row (falling to phishing message, downloading from a fake site, not verifying signature, executing malware ..) in order to lose coins.
Those people most likely also would fall for a cheap phishing mail.

IMO absolutely their fault. No one forced them to use electrum. And neither did anyone force them to download malware from a fake site.