hacked sending money from electrum #5084

Closed
jon0190 opened this issue Feb 7, 2019 · 34 comments
Labels
phishing 🎣 For phishing websites, fake wallets and stuff like that

Comments

jon0190 commented Feb 7, 2019

I just got hacked through electrum. I tried to send bitcoins and it stopped me for updates, now my money is gone, I froze the transaction and it confirmed anyways. Is there even anybody to contact? I have no money now, thanks a lot electrum

ecdsa added the phishing 🎣 label Feb 7, 2019

Author

jon0190 commented Feb 7, 2019

If I don’t get my money back I’ll be getting the U.S. government involved you guys should have stopped this it’s a problem with your app

th3geek commented Feb 7, 2019

I just happen to be browsing here and saw your post, I'm just an electrum user like you.

I'm sorry but you have been the victim of a phishing attack. This has been an ongoing problem for about a month now. The message that popped up was spoofed (faked) and when you clicked the link you were redirected to the criminals' website where they sent you a hacked version of electrum designed to steal your coins as soon as you entered your password (if you used one).

In the future never ever click a link that you weren't specifically expecting (email attachment that looks legit, but you weren't expecting it: ask the person who sent it to you first). Anytime you are asked to update software ALWAYS download directly from the maker's official website and type the address directly into the URL bar including the HTTPS://

At this point there isn't much you can do other than try to calm down. If you have other crypto or should you buy more, I strongly advise you purchase a hardware wallet (trezor, ledger, etc.)

Sorry about your loss, it's a difficult learning experience. You can check out information about it here: https://www.reddit.com/r/Bitcoin/comments/anycg2/electrum_targeted_phishing_malware_warning/ or here: https://bitcointalk.org/index.php?topic=5095856.0

Member

ecdsa commented Feb 7, 2019

@jon0190 the update you have been downloading was bitcoin-stealing malware
could you post the url where you downloaded it from?

Author

jon0190 commented Feb 7, 2019

Yeah I gather all that now, as you said “it’s been going on a while now”, the creators or people running electrum should’ve stopped this by now. If I don’t get my money back I’ll be contacting everyone possible in our government for help because this is bullshit! It’s not a phishing email it’s a problem with their product, that they are probably behind since it hasn’t been stopped not being disrespectful towards you

Author

jon0190 commented Feb 7, 2019

I don’t have it anymore I copied and pasted the link and I’ve already started cleaning my computer as someone else said I need to do

Author

jon0190 commented Feb 7, 2019

It was a github link that popped up when I tried to send,

Author

jon0190 commented Feb 7, 2019

How about disabling deposits to old vulnerable accounts so that people who don’t spend all day online know that there’s a problem? Pieces of shit!

Member

ecdsa commented Feb 7, 2019

electrum is not a bank, there are no "accounts"
we are doing whatever is in our power to stop this attack

Author

jon0190 commented Feb 7, 2019

Nobody said it’s a bank I thought it was a secure bitcoin wallet but it obviously isn’t. How about a big warning on the app about this? You have done nothing and I am going to start contacting our government so they can deal with you lazy pieces of shit

Author

jon0190 commented Feb 7, 2019

Going to be lots of fun for you guys coming

Author

jon0190 commented Feb 7, 2019

How hard would it be to put a message on your app warning people of this since your app doesn’t auto update security features? Huh bitch? I bet a lot less longer than it’s taking me to reboot my computer. You guys are useless pieces of shit that everyone would be better off without

spesmilo deleted a comment from vvivigle Feb 7, 2019

Author

jon0190 commented Feb 7, 2019

You guys can track my account all you want, I’m not lying I’ll help when my computer gets done rebooting

Member

SomberNight commented Feb 7, 2019

> How about a big warning on the app about this?

It is not possible to put a warning or display any kind of announcement in existing versions. The whole point of bitcoin is decentralisation. No one has the power to do this. We don't want the power to be able to do this.

There has been a warning on the website however for more than a month (since the attack started).

And "honest" servers started using the same exploit the attacker's servers are using, to warn users that they are vulnerable, but these messages can only be sent when the user broadcasts a transaction (that is how the exploit works). We have also fixed the exploit in a new version of the client, but you were using an old one.

Contributor

ValdikSS commented Feb 7, 2019

@jon0190,
Electrum is a "lite" Bitcoin wallet, which does not download the full blockchain and keep it locally, but relies on servers with the full blockchain. Such servers may be set up and operated by anyone, including me and you, and they would be automatically used in Electrum.
When you send money, if the transaction can't be performed, the server may respond with a text error message giving the reason.

During the last month, some malicious servers have appeared, which do not accept money transactions and only return a bogus error message. This error message states that your client is outdated and you should download a new, updated one. This "updated" client is not an official Electrum client but one provided by a hacker (by this server's operator), designed to steal your money and probably to perform further malicious activity on your computer (e.g. steal your browser passwords and other private data). It's uploaded to a website unrelated to the official Electrum website or GitHub page, but it is designed to look very close to the original one, to fool you into downloading the file and installing it.
Unfortunately, you've installed such a client, and now you have lost your money. There's no way to return your money. Electrum developers have nothing to do with these malicious "updated" versions. The official Electrum page https://electrum.org/ has the following text on top:

> Warning: Versions of Electrum older than 3.3.3 are vulnerable to a phishing attack, where malicious servers are able to display a message asking users to download a fake version of Electrum. Do not download software updates from another source than electrum.org. In order to reach users of vulnerable versions, we have started to use the same vulnerability, and to direct them to electrum.org.

Just to be clear, once again: you've installed a virus instead of the original Electrum client; uninstall it or, better, reinstall the whole operating system, because nobody has investigated whether the virus performs actions other than stealing money. And you can't return your money since it is Bitcoin, a system built without any party which should be trusted, like banks. You can only monitor further transactions from the address where your money went, and try to determine the person behind that.
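The mechanism described in the comment above comes down to a client displaying server-supplied error text as if it were trustworthy. The following is an added example, not Electrum's actual 3.3.3 patch and not code from this thread: it reduces a broadcast error string to short, inert plain text and flags update-style lures. The function names, the length cap and the sample messages are assumptions constructed for illustration.

```python
import html
import re

MAX_LEN = 200  # assumed display cap; legitimate rejection reasons are short
TAG_RE = re.compile(r"<[^>]*>")
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+")
LURE_RE = re.compile(
    r"(?i)\b(update|upgrade|download|install|new version|outdated)\b")

# Constructed sample messages (not captured from any real server).
LURE = ('<b>Security update required.</b> Download the new wallet from '
        '<a href="https://wallet-update.example/dl">here</a>')
BENIGN = "the transaction was rejected by network rules. (min relay fee not met)"


def sanitize_server_error(raw):
    """Reduce an untrusted server error string to short, inert plain text."""
    text = TAG_RE.sub("", str(raw))   # drop markup such as <a href=...>
    text = html.unescape(text)        # decode entities ...
    text = TAG_RE.sub("", text)       # ... and strip any tags they were hiding
    # Replace control and invisible formatting characters (newlines, bidi
    # overrides) so the text cannot restyle or reorder itself in a dialog.
    text = "".join(c if c.isprintable() else " " for c in text)
    text = URL_RE.sub("[link removed]", text)
    return " ".join(text.split())[:MAX_LEN]


def classify_broadcast_error(raw):
    """Return the text that is safe to display plus a phishing-lure flag."""
    clean = sanitize_server_error(raw)
    has_url = bool(URL_RE.search(html.unescape(str(raw))))
    suspicious = has_url or bool(LURE_RE.search(clean))
    return {"display": clean, "suspicious": suspicious}


if __name__ == "__main__":
    for msg in (LURE, BENIGN):
        print(classify_broadcast_error(msg))
```

A stricter design never shows server text at all and maps known rejection reasons to fixed, locally defined messages.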

Author

jon0190 commented Feb 7, 2019

It’s okay you can deal with our government

Contributor

ValdikSS commented Feb 7, 2019

@jon0190 I'm not an Electrum developer, I'm just trying to clarify where you went wrong. I saw this phishing message and almost fell for it too. You've downloaded a virus pretending to be an update for Electrum, that's why you've lost your money. There's nothing I or the Electrum developers can do. You're probably thinking of Electrum as a kind of service/organization/"product", but it's not. If you're in a jurisdiction which is strong in cyber security, you should go to a police office, provide them information with the URLs where you've downloaded the file, etc.

Author

jon0190 commented Feb 7, 2019

I know where I went wrong, so does Thomas and he will be dealing with our government he should’ve stopped this from happening hackers took over his app and he doesn’t think it’s a problem it’s not phishing

Contributor

ValdikSS commented Feb 7, 2019

@jon0190 no, you're wrong. The software is fine, I use it every day and my coins are safe. The problem is that you've manually installed a virus on your computer which looks like a legitimate client, from a third-party website which a malicious person is running.
You won't help yourself or your money denying that you did not install a virus yourself.

@SomberNight
Member

> he should’ve stopped this from happening hackers took over his app and he doesn’t think it’s a problem it’s not phishing

You clearly have no idea what you are talking about.

In any case, let me just refer you to the licence of Electrum:

electrum/LICENCE

Lines 14 to 20 in 9beabc0

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Author

jon0190 commented Feb 7, 2019

Are you retarded? I know I installed a virus it happened because of a vulnerability in the software, if you have zero IQ don’t try and talk to me, you're an idiot

Author

jon0190 commented Feb 7, 2019

You guys are in a complete different world

Author

jon0190 commented Feb 7, 2019

I’m not a drug addict go fuck yourselves

Author

jon0190 commented Feb 7, 2019

That is civil litigation bullshit in case of a civil lawsuit. That’s not what we’re talking about idiot I’m not going to sue Thomas I’m going to try and have him put under investigation for not stopping this vulnerability

Author

jon0190 commented Feb 7, 2019

you guys are the idiots of our world. We would have been better off if your parents were never born because they were obviously idiots too

gits7r commented Feb 7, 2019

chill out, bitcoin is experimental technology. there are no guarantees. Also, it's not Electrum that stole your funds, it's the malware YOU INSTALLED YOURSELF.

The Electrum team did more than it should have done to limit this attack, but nothing can be done to protect one against one's own actions.

So I am thinking to sue you for false publicity, because Electrum did not steal from you. Another backdoored app did, which you installed yourself. After reading your comments I can understand how easy it was for you to buy the scam.

I hope this is the last comment in this issue, let's not feed the trolls out of respect for everyone else.

Author

jon0190 commented Feb 7, 2019

Electrum did shit to stop it and any decent court will see that. Go fuck yourself you're the troll

Author

jon0190 commented Feb 7, 2019

Again their app is allowing this to happen it isn’t a phishing email

Author

jon0190 commented Feb 7, 2019

Stupid fuckin crackhead

@SomberNight
Member

> Electrum did shit to stop it and any decent court will see that

Just off the top of my head:

  1. The ElectrumX server code has been modified to
     • filter other servers from being advertised to clients that are returning too many unknown peers
     • there is a blacklist of servers at electrum.org/blacklist.json, which is downloaded by honest servers, and the blacklisted servers will not get advertised to clients. We are keeping this blacklist updated (as the attackers keep launching new servers)

  2. We have manually configured and set up several new servers ourselves, to increase the ratio of honest/evil servers.

(1) and (2) greatly decrease the chances of a client connecting to an evil server.

  3. The ElectrumX server code has been modified such that
     • the honest servers started doing the "good attack", warning old clients that they are vulnerable and need to upgrade (when they broadcast a transaction, which is the only time a warning is possible)

Almost all server operators have been notified that they should upgrade if possible, to take advantage of (1) and (3).

  4. The phishing vulnerability has been patched in the client (in new versions).

  5. There has been a warning for more than a month on:
     • electrum.org
     • top of reddit.org/r/bitcoin
     • #bitcoin IRC on freenode

     describing the vulnerability and telling people to upgrade their client from electrum.org, so that they would no longer be affected.

  6. We are constantly identifying evil servers, and checking what URLs they are sending their victims to. There are two categories: GitHub repositories, and domain names. As soon as we detect the first, we are notifying GitHub to take down the malicious repo, and they do take it down fairly soon. When detecting the latter, we send reports to the domain registrar, and depending on their cooperation, take down those domains.

  7. "Update announcements" have been added to the client, so that from now on there is a built-in mechanism where the developers can notify the client as soon as it starts up that they are running an old version and should update. These announcements are signed, so they cannot be spoofed.

So yeah, we "did shit".

Author

jon0190 commented Feb 8, 2019

What purpose do I have to go to your website when your service runs through an app? If you were decent people the vulnerability would be addressed on your app like any other decent people. That’s the whole thing you guys aren’t decent people you’re the trash of our world I’m done with this

l00pz123 commented Feb 8, 2019

..the vulnerability would be addressed.. - well, in this case you are the vulnerability. Are you pro choice?

Calius commented Feb 8, 2019

Is this a regional thing? I've been using Electrum regularly during the past months and I've never seen the phishing message pop up.

Member

ecdsa commented Feb 8, 2019

@Calius you won't see it if you use the latest version

Deja-Wu commented Feb 8, 2019

@Calius it’s only an issue in versions older than 3.3.3. So anything like 3.2.2 is vulnerable
