All About Lightning Electrum
Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.
When an Electrum wallet queries a third-party Electrum server, the server can link two transactions together and know which address is a zero address.
Since the end of December 2018, Bitcoin wallet Electrum users have lost 771 BTCs (worth about $4 million) in phishing attacks, according to a study released by Malwarebytes Labs. Electrum is known to implement a variant of a technology called Simplified Payment Verification (SPV), which allows users to send and receive transactions without having to download a full copy of the Bitcoin blockchain. An attacker is exploiting a vulnerability that anyone can manipulate a public Electrum peer to carry out an attack. (TNW)
According to the New York Post, the Twin Star Exchange founder, the Winklevoss brothers, donated $130,000 to New York Governor Andrew Cuomo for approving the Gems Exchange to operate in New York.
The Mac version is currently available, followed by versions of Windows and Linux, so developers of non-Mac systems should be a little more restless.
In December 2018, for the first time, we discovered and alerted an attacker to a messaging flaw that exploited the Electrum Wallet client to force an "update prompt" to pop up when a user transfers money, inducing the user to update the download malware and then carry out a currency theft attack. This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials said they would adopt some security mechanisms to prevent this kind of "update fishing", such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the older version (less than 3.3.4), and the older version is still under threat. However, we do not rule out a similar threat to the new version. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qcygs9dl4pqw6atc4yqurzd76p3r9cp6xp2kny has stolen more than 30 BTC, the crime lasted six months, and recently is still active. We would like to remind Electrum users that the new version of Electrum in this Update Tip is likely to be false and that if installed, transfer Bitcoin out in another security environment in a timely manner. At the same time, we call on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. Finally, identify electrum's official web address.
Johnwick.io found that hackers launched a denial-of-service (DoS) attack on a well-known wallet, Electrum server. Hackers used a botnet of more than 140,000 computers to attack Electrum's nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. Devi Security Labs recommends that users of Electrum Wallet update to the latest version of the client via the official website and never use the link in the prompt message.
Implement blacklisting logic to alert malicious servers outside the Electrum client view.
Users of cryptocurrencies Wallet Electrum and MyEtherWallet are facing phishing attacks, according to posts posted on Reddit and Twitter on February 4. The MyEtherWallet team has issued a warning about phishing emails sent to users. Electrum also posted a warning on its website informing users that the electrum version, which predies 3.3.3, is vulnerable to phishing attacks. The company warned its users not to download software updates from other sources. (Cointelegraph)
Digital Wallet Electrum was hacked, losing 250 bitcoins.