BTC Stolen

[KallEYE]

They stole 0,09 btc from me
Why Electrum shows me that I have to update software ?
I was using it for 1 year and this fucking message came from Electrum server

Adress:
bc1qvr93mxj5ep58wlchdducthe89hcmk3a4uqpw3c

[KallEYE]

Is a fucking action, since they had no password, etc.

[KallEYE]

Delete everything and reinstall it.

[gits7r]

We are sorry for this, but this message is confusing and too alarming and causes panic among users.

Electrum doesn't have a bug that can be exploited, it cannot be controlled remotely, it has no open vulnerability that can cause loss without user's action. Electrum was no more "hacked" or "exploited" than gmail, yahoo, outlook and all financial institutions (banks, etc.) as well as various other online services are every day.

Because of how peer discovery works in Electrum, there is not much we can do for old versions, since we can't prevent them with 100% success rate to run into a malicious server. This is because, unlike other lightweight wallets, Electrum decided to not have only few harcoded servers that will be responsible for the privacy of all users, and act as single point of failure, but instead allow users to run their own servers or use servers that they trust. Electrum takes user privacy very seriously, which is why proper peer to peer discovery without central authority arbitration was adopted, instead of anything else. This way an attacker cannot keep an Electrum user offline, or isolate him, or pull various attacks.

While the entire Electrum team is doing absolutely everything possible to protect the users, such as:

• patch Electrum wallet to not display rich text, and don't allow arbitrary messages, only strict codes;

• patch ElectrumX server implementation to detect sybil (malicious servers that send the phishing message) and not further broadcast them to clients;

• implement blacklist logic to maintain malicious servers outside the view of the clients;

• heavily advertise on social, website and all communication forms existent with the users that they should always run the latest version and always only install from the official source (electrum.org), accessed over secure protocol (https) with prior verifications of the PGP signature;

...the sad truth is that nothing can be truly done to protect an user from its own actions. If you are willing to install Electrum from a different source, when the official is electrum.org, and you don't verify signatures, even with the latest patch that does not display rich text you are still vulnerable as you can receive an email or text message with the same phishing message, and install a backdoored Electrum.

After all, when you install and use security software and finances software such as Electrum the first rule is to make sure you are running a version that has no discovered vulnerabilities and your build is signed and genuine.

I know this is not pleasant to read after loss of funds, and we are sorry, but this is the sad truth. This is not a vulnerability in Electrum, so we are going to respectfully close such issues / tickets on github because we are already doing everything possible to limit the effects of phishing attacks, and such issues do not provide any new information.

[KallEYE]

A nice excuse from Electrum. Have the wallet displayed, update as it is synonymous with many other programs that
was led directly from the wallet to the homepage. This deportation of responsibility to users is an insolence. Even my protection program did not recognize the fake side. Choose another provider, since the comment page Electrum is a naughtiness !!!!!
Ciao Electrum
Fuckup Electrum - Electrum still earns money from it!!!!

[gits7r]

It is not an excuse from Electrum. it is a simple explanation from me, personally.

Where did you download the first Electrum from? electrum.org

The second one was downloaded from a different source. Electrum.org clearly states do not download from other sources.

Your protection program cannot recognize the fake side, because the attack is simple and is not related to a security exploit, it just sends a message that QT parses as rich text.

You can receive such messages by any other channel, like email, phone, sms, etc. - if you follow the malicious link the effect is still the same, so yes I sincerely think it's the responsibility of the users. Running out of date software is not recommended especially security software or finance software. Installing unverified binaries from untrusted sources is even worse, and there's absolutely nothing that those app developers can do to protect you against this.

Electrum does not earn any money from it. If Electrum was malicious, I assure you funds would have been taken in a smarter way and not via the oldest scam in the history of the internet: phishing, which happens every day to ALL online services...

[riniguez]

bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny stole me 0.00796663 BTC

[4oo4]

@KallEYE

electrum/LICENCE

Lines 14 to 20 in 9c45472

	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
	NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
	LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
	OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
	WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

[1400BitcoinStolen]

I just lost 1,400 BTC via the same method described above.

[1400BitcoinStolen]

bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny is the receivers address.

[verretor]

I just lost 1,400 BTC via the same method described above.

Could you provide more details about how it happened?

[1400BitcoinStolen]

I had 1,400 BTC in a wallet that I had not accessed since 2017. I foolishly installed the old version of the electrum wallet. My coins propagated. I attempted to transfer about 1 BTC however was unable to proceed. A pop-up displayed stating I was required to update my security prior to being able to transfer funds.

I installed the update which immediately triggered the transfer of my entire balance to a scammers address.

[verretor]

They may not have stolen your BCH and BSV yet.

I recommend moving those to another wallet using ANOTHER COMPUTER. Yours is possibly compromised.