All About Lightning Electrum
Users of Bitcoin wallet Electrum are facing phishing attacks, according to Johnwick.io. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user is prompted to install this backdoor-carrying client, the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth approximately $11.6 million had been stolen from phishing attacks that forged Electrum upgrade alerts. Devi Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, and do not use the link in the prompt message to avoid asset losses.
Electrum fakes upgrade tips for phishing attacks to steal at least 200 BTCs, and you need to be alert to such attacks.
Digital wallet developer Electrum has released an emergency patch saying it found a vulnerability that could lead any website hosting Electrum to steal a user's digital currency, exposing passwords to the JOHNSONRPC interface and ingelling hackers full control of the wallet. Earlier, Electrum released the first patch, but it didn't seem to solve the problem, and they released a second update urgently Sunday night local time.
B: Electrum server can customize messages to appear in the user's electrum light wallet software, giving hackers a chance to broadcast phishing messages.
Electrum is a world-renowned Bitcoin light wallet with a long history of supporting multi-signatures and a very broad user base, many of which like to use Electrum as a cold wallet or multi-sign wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have a "message flaw" that allows an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing for the user, and if you follow the prompt to download the so-called new version of Electrum, you may get a trick. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more. This captured currency theft attack is not stealing the private key (electrum's private key is generally stored with two-factor encryption), but replaces the transfer destination address when the user initiates the transfer. Here we remind users that when transferring money, special attention needs to be paid to whether the destination address has been replaced, which is a very popular method of currency theft recently. It is also recommended that users use hardware wallets such as Ledger, if paired with Electrum, although the private key will not have any security issues, but also need to be alert to the target address is replaced.
The IOS version of the wallet differs from the Android version in how much, the user creates a new wallet, then imports the existing seed or uses the new public and private keys. When creating a new wallet, the Electron Cash iOS interface provides a new twelve-word mneed phrase that users need to remember with other tools, and after the seed import is complete, the wallet will ask you to re-enter the twelve words.
If you haven't set up Electrum Wallet to be compatible with your phone wallet, you can use the private key to recover the Electrum wallet on your web wallet. Select Wallet - "Private Key" - "Export" on the Electrum wallet and you will export the file qtum-electrum-private-keys.csv or copy only one private key. Select Recover from WIF on your web wallet, paste the private key, and select Confirm. Check that the wallet address is correct. You may need to use Dump as a Key File to save the key file.
Electrum Wallet is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum wallet users often rely on electrum servers, which presents some security and privacy trade-offs. If you use an Electrum personal server, Electrum wallet users can connect locally to their own private servers, enjoying the convenience of Electrum without any trade-offs.