All About Lightning Electrum
The electrum and Electrum-LTC versions below 3.3.3 are vulnerable to phishing attacks in which a malicious server displays a message asking the user to download the fake Electrum. To prevent user exposure, versions older than 3.3 can no longer connect to public servers and must be upgraded. Do not download software updates from sources other than electrum.org and electrum-ltc.org.
Cryptocurrencies Wallet Electrum has lost nearly 250 bitcoins (approximately $914,000) as a result of the new phishing attack. Electrum has confirmed the authenticity of the attack. An attacker could induce a user to provide password information by creating a fake wallet.
December 9, 2019: Initial contact is made with the affected vendor and the PGP key is exchanged.
By default, electrum wallets are randomly connected to a set of Electrum servers. From a privacy perspective, this is not a good thing because it discloses your wallet address and balance to unknown third parties. And unfortunately, many public Electrum servers are run by individuals or groups of blockchain analytics companies or worse. Therefore, if you are using an Electrum wallet, it is generally recommended that you run your own Electrum server and then connect the wallet to that server.
In a forum post on Bitcointalk, website administrator Theymos explained: "If at any time in the past you've logged in to Electrum without a wallet password and opened a web page, your wallet might have been stolen." Particularly paranoid people may want to send all bitcoins (BTCs) from their old Electrum wallets to the newly generated Electrum wallet. "