Bitcoin Sent to Wrong Address (Wallet Behavior)

[yohannc]

If I understand correctly, does this mean that someone added a Bitcoin address into the French version, and that it appears in all Electrum wallets using the French language?

[PX-Z]

Yes that address shows up in the french language file:

https://github.com/spesmilo/electrum-locale/blob/master/locale/fr_FR/electrum.po#L768

How is it possible that someone put that address in the French version of Electrum if I understand correctly? Still, it's hard to understand that someone found a BTC address in the Settings tab, while at the same time ignoring the Receive tab in the main menu

Seems like developer's mistake, no one had reviewed that code part. While at the same time, you could possibly imagine how newbies can explore more than what meets the eye.

Let's hope that the developer who commit the update and received the btc sends back the amount to OP's friend.

[khaled0111]

If I understand correctly, does this mean that someone added a Bitcoin address into the French version, and that it appears in all Electrum wallets using the French language?

Yes, that’s correct. If you change the language to English, for example, you will see "Avoid spending from used addresses" instead of that address.
The french translation doesn’t look like it was done by a professional translator as many messages seem to be missing from the Fr file.

Not sure, but I guess the devs must have the translator’s contact details, so they can contact him to inform him about what happened and ask him to send the coins back to the address they were sent from.
If this was a genuine mistake (although I doubt it), then I don’t see why he would refuse.

[hosemary]

If I understand correctly, does this mean that someone added a Bitcoin address into the French version, and that it appears in all Electrum wallets using the French language?

Right. The address has been there since the version 4.6.2 which was released nearly 6 months ago.
According to the transaction history of the address, your friend has been the only person making such mistake and using that address instead of his receiving address in these 6 months.

[Lucius]

How is it possible that someone put that address in the French version of Electrum if I understand correctly?

Probably a miscopied text by the translator or actual vandalism, which is if the latter's case, bad news for OP.
After Abdussamad posted the issue, one major developer has seen more of those improper translations that are most likely related.

BTW, it looks like it's brought by this commit, they should've reviewed it well: 974d671 ("Load Diff" locale/fr_FR/electrum.po‎)

I wonder if, instead of an ordinary BTC address, it is possible to use this trick to insert something else into the official version? After that big phishing attack, I thought developers would look at all possible attack vectors - and while this isn't an attack in the literal sense, someone still found a way to insert something that shouldn't be in the official version.

[khaled0111]

I wonder if, instead of an ordinary BTC address, it is possible to use this trick to insert something else into the official version? After that big phishing attack, I thought developers would look at all possible attack vectors - and while this isn't an attack in the literal sense, someone still found a way to insert something that shouldn't be in the official version.

I guess you are wondering whether one of the translators could have inserted a phishing link instead of a phishing bitcoin address, right?
Your concern seems legitimate. if someone was able to insert a bitcoin address in one of the Electrum versions, then, theoritacally, he is supposed to be able to insert a phishing link into that version, the same way
So, this is something the developers would need to clarify. But I’m pretty sure it’s not as simple as that. Because, I'm pretty sure they have implemented many validation mechanisms to ensure no links has been introduced into the translated files (but not to check for addesses)

[nc50lc]

I wonder if, instead of an ordinary BTC address, it is possible to use this trick to insert something else into the official version?

If you're talking about anything other than text;
Not in this particular case, those translations are purely text, message strings.

The worst case is the malicious localization volunteer could sneak-in a text-non-clickable URL,
If ever the devs failed to spot it before committing, it wont be clickable without an f-string outside of the quote which isn't available to the translator.

Still potentially dangerous though but easily preventable by reviewing the added/edited translations.

[Abdussamad]

There is a call for proof readers to help with the translations. If you know more than one language this is a great way to contribute to electrum:

https://github.com/spesmilo/electrum-locale/issues/47#issuecomment-3914866337