All About Lightning Electrum
This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). In a frenzy, malicious ElectrumX servers account for as many as 71% of the total, and the show doesn't fully count, and hundreds of bitcoins have been stolen in this phishing attack over the past year or so.
The Healthy Security Lab is concerned that Nearly 250 bitcoins have been stolen in a recent hacking attack on an Electrum wallet. This attack, confirmed by Electrum, involves creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that it was an ongoing phishing attack on Electrum users and advised them to download wallets from the official website.
Add a pull-down interface and connect when the server requests it - send a command to track the server to reset socket.io interface.
Popular wallet developer Electrum has released an emergency patch for a key vulnerability in its Bitcoin wallet. The vulnerability allows any website hosting electrum wallets to potentially steal a user's cryptocurrency. A vulnerability means that the password is exposed to the JSONRPC interface, implying that the hacker has full control over the wallet. The first patch failed to fix the problem, forcing Electrum to release a second update on Sunday night.
UBTC Electrum fixes the local BUG for multi-signed address call contracts.
According to Johnwick.io, we will continue to monitor and track the further flow of funds after a recent user submitted a coin-losing incident claiming that the download used an Electrum wallet had been phishing and that more than 700 bitcoins had been lost, and that the stolen address had been added to the Devi AML system. It is reported that malicious websites (electrumsecure) fake Electrum website phishing attacks, to guide users to download and use the wallet, in order to steal the user's private key and other sensitive data. Devi Security Labs is here to remind users not to install unknown sources of Electrum wallets, to avoid asset losses. Electrum Official Website: electrum.org Electrum Phishing Website: electrumsecure.
Electrum is a world-renowned Bitcoin light wallet with a long history of multi-signature support and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more.
Front End: VS Code, VS IDE, and Web VS Code.