All About Lightning Electrum
Wallet developer Electrum has released an emergency patch for a key vulnerability in bitcoin wallets. The vulnerability makes it possible for any website hosting an e-wallet to steal a user's cryptocurrency. The vulnerability means that in the JSONRPC interface, the password is exposed, implying that the hacker has full control of the wallet. However, the first patch failed to resolve the issue, forcing Electrum to release a second update on Sunday night.
These harmful encryption extensions in Chrome are mimicking well-known encrypted wallets, including Ledger, Trezor, and Electrum. Ignorant users will only download these extensions, thinking they are downloading real encrypted wallet applications. Once they share private keys and other personal details, these malicious extensions hijack their cryptocurrency funds.
VMware Workstation 15 Pixel Shader Feature Denial of Service Vulnerability (CVE-2019-5521)
The main problem here is the private key: where to get it and how to store it. Needless to explain, any system that generates keys anywhere outside the end-user device is a design failure. But beyond that, it's important to have open source and properly audited key generation software, third-party hardware (the simplest option is a smartphone) and users who know how to use private keys.
Security: What are the security features of your wallet? The most secure wallets (except cold storage) require two-factor authentication, multi-signature sign-in, or a combination of both.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.
On this platform, players can get a virtual mine machine worth 200 yuan as long as they register, and the "diamonds" dug out can be sold for withdrawal.