Will we ever find out that someone compromised electrum.org?

[BlackHatCoiner]

Electrum advice us to verify the signature once we download it. Was there any site compromisations in the past that scared the people? If it gets compromised, will we ever find it out?

[hosseinimr93]

Electrum website has never been hacked. (At least, I haven't ever read any report regarding this).
In versions older than 3.3.4, there was a vulnerability making servers able to display a message asking users to install a new update (which was actually a malware). But the website itself has been always safe.

Anyone who has downloaded Electrum from the official website has been safe, unless they have lost money due to other reasons like having a compromised system.

Warning to newbies:
Although Electrum website has never been compromised and download files have never been replaced by fake ones, you must verify the signature even if you are sure that you have downloaded Electrum from the official website. There is no guarantee that the website hasn't been compromised few seconds before you download the file.

[o_e_l_e_o]

If it gets compromised, will we ever find it out?

We will find out very quickly, likely within a couple of hours at most, when someone tries to verify the fake version which they downloaded from the hacked site and find that it was not signed by Thomas Voegtlin. The only people who will be at risk if electrum.org is hacked are the users who fail to verify the download before running it.

If the site is compromised, I would also expect a signed message from Thomas Voegtlin or one of the other main devs to be released very quickly stating as such.

[logfiles]

Was there any site compromisations in the past that scared the people?

I haven't seen any record where the electrum.org website got compromised but some kinds of attacks on popular websites are possible and have ever happened before. At least I witnessed 2 cases. One was on Etherdelta (I even opened the website during the time of the attack) the other was Myetherwallet

In such attacks, a hacker temporarily hijacks a couple the website's servers and then redirects people who are visiting the website to a fake website or fake software where unsuspecting users can download. That's why it's always emphasized that you verify the file signatures before installing.

If it gets compromised, will we ever find it out?

Yeah, it's possible to know if you are very keen.

In my case with etherdelta, the certificate all of a sudden became invalid (there was an insecure connection warning on my browser) and the Netcraft anti-phishing browser extension also showed me conflicting information when I clicked on it. This was enough for me to realize that the site i was being redirected to was not the real Etherdelta.

[NotATether]

In my case with etherdelta, the certificate all of a sudden became invalid (there was an insecure connection warning on my browser) and the Netcraft anti-phishing browser extension also showed me conflicting information when I clicked on it. This was enough for me to realize that the site i was being redirected to was not the real Etherdelta.

That is the beauty of using HTTPS, the domain name of the website is included in the HTTPS certificate that's sent from server to client, so whether an phisher changes it or not, their certificate and fake website pair will be invalid.

If an attacker makes a fake copy of the site, changes the domain name inside it and puts it on his own server, the certificate signature will be invalid because it won't match with the private key, so you get a warning.

If they do the above but *don't* change the domain name inside, the browser detects the mismatch between the domain it's connecting to and the domain in the certificate, and you get a warning.

So all sites that handle sensitive data should run only HTTPS (and activate HSTS to prevent HTTP from working), so people can identify fake copies of their websites!

So to OP: the way how you'd know how a website was compromised, is when the browser gives you an HTTPS warning. Unless someone hacked the server hosting the electrum website itself, in that case you'd expect what o_e_l_e_o said to happen. But even then the PGP signature verification of the checksums would fail because they don't have ThomasV's private key and people would reject binaries not signed by him or have checksums with no PGP signature at all.

[pooya87]

But even then the PGP signature verification of the checksums would fail because they don't have ThomasV's private key and people would reject binaries not signed by him or have checksums with no PGP signature at all.

an attacker who gained access to change the Electrum binaries will also change the accompanying signature and the PGP public key that exist on the site. that is why it is a weakness to host both on same location. which is also why i never just tell people to get the pubkey but instead suggest they learn about Web of trust concept and follow it.

[o_e_l_e_o]

that is why it is a weakness to host both on same location.

I don't think they do host both in the same location, though?

If you go to the download page, there is a link to ThomasV's key hosted on the Electrum github: https://raw.githubusercontent.com/spesmilo/electrum/master/pubkeys/ThomasV.asc
If you go to the about page, there is a link to ThomasV's key hosted on an OpenPGP keyserver: http://keys.gnupg.net/pks/lookup?search=0x6694D8DE7BE8EE5631BED9502BD5824B7F9470E6&fingerprint=on&op=index

Now obviously an attacker with access to the electrum.org hosting could change those links to point to their own keys, so the point about web of trust, or at least using external sources to verify the correct key, still stands.

[pooya87]

that is why it is a weakness to host both on same location.

I don't think they do host both in the same location, though?

it was probably poorly worded by me.
what i mean is that when someone goes to the foo.com and downloads the file there and then clicks the same link in the same place for the pubkey they may as well be downloading it from the same host. in case of website being compromised the attacker will simply change that link to another one on bar.com but a different key. the key itself can be hosted on github even to look similar with another link to gnupg.net.

[o_e_l_e_o]

the key itself can be hosted on github even to look similar with another link to gnupg.net.

Absolutely. A determined attacker could even use create a github repository with a name to be similar to spesmilo, just like they use fake URLs that look very similar to the real thing.

But what if the hacker do something else such as installing malicious "dependencies" that uploaded by the hacker on pypi.org or create guide which ask you to run some command (such as download and execute malicious script) ?

It would probably be in their interests to do something not immediately noticeable. They could easily replace the installer with ransomware, for example, but the first person who downloads it is going to go straight to Reddit/Twitter with their situation.

It's an interesting scenario. Outside of updates, I rarely if ever need to download Electrum. I imagine most established users are the same, and these are the users who are most likely to take proper security precautions and verify their downloads. New users, on the other hand, are more likely to be downloading Electrum and also less likely to verify.

[bob123]

So all sites that handle sensitive data should run only HTTPS (and activate HSTS to prevent HTTP from working), so people can identify fake copies of their websites!

So to OP: the way how you'd know how a website was compromised, is when the browser gives you an HTTPS warning. [...]

It is worth to note that while this mostly will be the case, it doesn't always have to be that noticeable.

More precisely, if you get such a HTTPS warning, something is wrong -> either the site/server administrator made a mistake or there is an attack going on.
But on the other hand, if there is no warning at all and HTTPS is "working as it should", there is no guarantee that you indeed are connected to the real server.

If there is no certificate pinning, "all" an attacker would need would be "just" a signature from a CA. While this in theory shouldn't be possible to receive as a malicious actor, there have been several cases already where CA's got compromised.

Just because you are connected to website.com via HTTPS, it doesn't mean that you indeed are connected to the real server.

[DaveF]

You don't need to hijack or compromise electrum.org. People will go to the wrong site and get their coins stolen all by themselves.

Take a look here: https://bitcointalk.org/index.php?topic=5229836

I have not updated the post for 6 months (my bad) but on average the site it *still* getting over 1k hits per month and people are *still* trying to directly get to the malware executable that was hosted there.

-Dave