According to Reddit users, youTube, the video-sharing platform, allegedly miscast malicious ads about Electrum, the Bitcoin (BTC) wallet. In a Reddit post, a user named mrsxeplatypus warns the public about malware and describes how scam ads work: malicious ads masquerade as an Electrum ad, and even display links that are correct, but immediately start downloading malicious EXE files when you click on the ad. As you can see in the picture, the URL it sends to me is elecktrum.org, not electrum.org.
Hackers launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used botnets of more than 140,000 computers to attack Electrum nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials. De-dimensional Security Labs recommends that users of electrum wallets be updated to the latest version of the client through the official website and never use the link in the prompt message.
Public keycryptography public key.
That is, data encrypted with the public key must be decrypted with the private key, and if the private key is encrypted, it must also be decrypted with the public key, otherwise decryption will not succeed. The principle of public and private keys Public and private keys can be verified against each other, so can the lost private key be retrieved through the public key? The answer is: No. There are 4 guidelines for the use of public and private keys: 1. A public key corresponds to a private key; The public key can be made public, but the private key is absolutely not; If the data is encrypted with the public key, only the corresponding private key can be decrypted. 4. If the data can be decrypted with a private key, the data must be encrypted against the public key. However, because the contents of private key encryption, with the corresponding public key can be solved, and the public key is public, the holder of the public key can be unlocked, not security, so this strict sense is not encryption decryption, but the private key signature, public key authentication signature process.
(nonce, receiving_address, value, dataitem0, dataitem1... Dataitemn, v,r,s?nonce is the number of transactions that the address has sent, encoded in binary format (e.g., 0 -'', 7 'x07', 1000 -'x03'xd8'). (v,r,s) is a newly generated Electrum-style transaction signature without the private key corresponding to the sending address, and the range of v is 27 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The public key and address can be extracted directly from an Electrum-style signature (65 bytes). The conditions under which the transaction is legal.
The Electrum team has announced the attack in an official tweet, saying that "this is an ongoing phishing attack on Electrum users" and reminding users to check the authenticity of the client's source before logging in. The team published its official website, and electrum clients downloaded elsewhere may be problematic.
Electrum Wallet provides further freedom for Bitcoin custodians. So he can choose which Bitcoin he wants to trade with. This is important not only for anonymity, but also for reducing the size of transactions. Under the menu item "Coins", you can select the unused trade output for the next trade. With Electrum, you can actually implement what you say "not a key, not a coin" because you can actually control the coin.
Core all-node interactions to get the history of your wallet in a private way. You can also choose to use the Electrum server, but you do not encourage regular users to use it. There are also plans to replace the Electrum interface with one that uses client block filtering.
Start Electrum after the fourth step, and instead of choosing the option to create a new wallet, choose to create a Watch-only wallet. The public key obtained in the third step is then entered (Figure 10), and once the wallet is synchronized with the Bitcoin network, you can see the Bitcoin balance of the wallet. As we can see when we enter dumpprivkeys() on the command line (Figure 12), there is no private key in this read-only wallet, which means that if this online read-only wallet is hacked, the hacker will not get a little Bitcoin.
Bitcoin wallet service Company Electrum has been hacked, resulting in the loss of user funds. In response to the attack, Beosin Chengdu Chain Security made an analysis: This wallet Electrum was attacked, mainly because the use of the kivy framework is using a standard py compiler and wallet does not do anti-secondary packaging protection, the core file can be directly recompiled back to the py file. Attackers can imitate the code, directly join the code to steal the user's password, key after the secondary packaging, and then cooperate with other attacks, tempt users to install the wallet implanted with malicious code, thereby stealing the user's password, key and other sensitive information.
Public key: with the other party's public key encryption, the other party with their own private key decryption, because the private key itself, and the public key can not be decrypted, can be guaranteed security.
Inside YYW begins with the public key, wif_priv_key the private key itself, do not disclose (red for the public key blue for the private key)
The electrum and Electrum-LTC versions below 3.3.3 are vulnerable to phishing attacks in which a malicious server displays a message asking the user to download the fake Electrum. To prevent user exposure, versions older than 3.3 can no longer connect to public servers and must be upgraded. Do not download software updates from sources other than electrum.org and electrum-ltc.org.
electrum not accepting public key
Note: Electrum-XZC is derived from Electrum and uses different seed phrase criteria, so it cannot be imported.
To avoid copying errors, you can install the Bitcoin Core client on a computer that remains offline, or electrum Light Wallet, import the private key above to check that the resulting Bitcoin address is consistent.
The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extensions. This leads to an attack on Electrum, and Trezor is affected.
Not long ago, the country's public transport cards began accepting Bitcoin payments. In Argentina's 37 regions, more than 7 million people use such transport cards.
As we all know, a classic user experience can't stop real freaks, especially when the range of features is huge. Here, wallets clearly score points. Without introducing all the features, here are some key points from Electrum Wallet.
Attackers reportedly created their own Electrum servers, which hosted the attacked version of Electrum in order to implement the attack. When the user will be vulnerable.
Electrum Bitcoin Wallet is a reliable service that has been around since 2011. It is called a "thin" cold wallet, where the entire blockchain is not downloaded to the user's device but stored on a network server. In this case, the private key is stored encrypted on the user's computer and is never sent to the server.
In a recent announcement on Twitter, Electrum advised users to disable the automatic connection option and manually select a server, while the company is developing a more powerful Electrum.
Bitcoin wallet service Company Electrum was hacked, resulting in the loss of user funds. In response to the attack, Beosin Chengdu Chain Security analyzed that the wallet Electrum was attacked, mainly because the kivy framework used is using a standard py compiler and the wallet is not protected against secondary packaging, the core file can be directly recompiled back to the py file. Attackers can imitate the code, directly join the code to steal the user's password, key after the secondary packaging, and then cooperate with other attacks, tempt users to install the wallet implanted with malicious code, thereby stealing the user's password, key and other sensitive information.
Private key generates public key, public key generates address
According to Johnwick.io, we will continue to monitor and track the further flow of funds after a recent user submitted a coin-losing incident claiming that the download used an Electrum wallet had been phishing and that more than 700 bitcoins had been lost, and that the stolen address had been added to the Devi AML system. It is reported that malicious websites (electrumsecure) fake Electrum website phishing attacks, to guide users to download and use the wallet, in order to steal the user's private key and other sensitive data. Devi Security Labs is here to remind users not to install unknown sources of Electrum wallets, to avoid asset losses. Electrum Official Website: electrum.org Electrum Phishing Website: electrumsecure.
Wallet, Coldlar, Electrum, Huobi.
Blockchain.info, Electrum Wallet.