Vulnerabilities were found in Electrum and Electrum-LTC. It has been fixed in Electrum-LTC 184.108.40.206. If you are running an earlier version, update your software.
It turns out that the FTP account password used to upload local user information, with a normal Electrum Installer file, is used once the user installs it, and sensitive information entered under Electrum is sent to a remote malicious FTP server for reception.
According to The Next Web, the attackers even implemented their own Electrum servers, which hosted the attacked Electrum.
Star Daily News Bitcoin Wallet Electrum official Twitter announced that the next version of Electrum will support Lightning online payments. Its lightning node implementation has been consolidated into the main branch of Electrum. Electrum also confirmed that the wallet will adopt a new implementation of in-house development written using Python. (Cointelegraph)
The root cause of the vulnerability is a lack of secure DLL loading and a lack of digital certificate validation for binary files.
Electrum Wallet is one of the most popular Bitcoin wallets and has been around for several years. However, Electrum wallet users often rely on Electrum servers, which presents some security and privacy trade-offs. If you use electrum personal servers, Electrum wallet users can connect locally to their own private servers, enjoying the convenience of Electrum without any trade-offs.
Today, electrum Wallet's official Twitter feed repeatedly alerted users to hacking attacks.
In this demo, Electrum developer Chris Belcher shows how to set up and use electrum personal servers.
Billy: The use of IDA is relatively extensive in the platform and can now be circulated in these links.
Users of Bitcoin wallet Electrum are facing a phishing attack, according to the Devi Security Lab. Hackers broadcast messages to the Electrum client through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install this "backdoor-carrying client", the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.