-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
new malicious forks: electrum-wallet/electrum and electrum-project/electrum #4953
Comments
Good to see github reacted to fast. They used to take quite some time in the past |
I am no longer sure it was GitHub that took down the repo, as a few minutes later I had also noticed that the website where the binaries were hosted was also down. Either GitHub took down the repo, the attacker noticed and took down the website; or the attacker was following the conversation on IRC and took down both himself. |
See #4968 Their latest project is: https://github.com/electrum-project/electrum/releases/tag/3.4.1 |
So if I understand the comments above, I tried to send a transaction and got a message that I could not send btc until upgrading to electrum 3.4.1, I was directed to a url at github and did the download for the upgrade and immediately lost all of my bitcoin and my wallet has been synchronizing for hours. I can see the bitcoin that was transferred into an unknown wallet. Have I just lost all of my bitcoin |
electrum-wallet/electrum now contains only a single initial commit with README.md states that "spesmilo/electrum" is the only Electrum. |
closing this issue, the repo has been blocked |
There is a new malware being distributed that disguises itself as the "real" Electrum.
See https://github.com/electrum-wallet/electrum/releases
but the real key for ThomasV is
6694D8DE7BE8EE5631BED9502BD5824B7F9470E6
git-cdn.org
, e.g.https://git-cdn.org/electrum-3.4.1-setup.exe
Verified
badge on the release, as it is on a legit commit signed by me..."This commit was signed with a verified signature"
GlobalSign Extended Validation CodeSigning CA - SHA256 - G3
serial number: 158fd7d2fb6e69e775abee6e
(signer name for legit Windows signer is "Electrum Technologies GmbH")
electrum/RELEASE-NOTES
Line 40 in b491a30
@ecdsa @EagleTM
EDIT: GitHub promptly took down that repository. Thanks for that!
Archived at https://archive.fo/Fb2lZ
The text was updated successfully, but these errors were encountered: