Digital wallet developer Electrum has released an emergency patch saying it found a vulnerability that could lead any website hosting Electrum to steal a user's digital currency, exposing passwords to the JOHNSONRPC interface and ingelling hackers full control of the wallet. Earlier, Electrum released the first patch, but it didn't seem to solve the problem, and they released a second update urgently Sunday night local time.
Electrum is a well-known light wallet for Bitcoin that adds new features such as server authentication using SSL to prevent MITM attacks. So unlike other Bitcoin light wallets, Electrum cannot communicate directly with different versions of Bitcoin full nodes, and each startup connects to electrumserver to communicate, and electrum.
When an Electrum wallet queries a third-party Electrum server, the server can link two transactions together and know which address is a zero address.
The main reason for the Trezor vulnerability is that it does not have built-in multi-signature functionality, so its multi-signature implementation is to support Electrum extension. This led to an attack on electrum, and Trezor was affected.
Now that we understand the benefits of Electrum, we can start using Electrum. Before use, prepare pens and paper to facilitate the recording of safety seeds.
Earlier this month, Electrum detected a DoS attack on its network, allegedly launched by a malicious botnet with more than 140,000 machines, designed to provide Electrum to users.
On December 27, Reddit user u/normal_rc reported that Electrum's wallet had been hacked and that nearly 250 bitcoins (243.6 BTCs, nearly $1 million) had been maliciously stolen, coinelegraph reported. Electrum then confirmed that the attack included creating a fake version of the wallet to trick users into providing password information. Electrum responded on Twitter that "this is a persistent phishing attack on Electrum users" and warned users not to download Electrum from any source other than the official website.
and Android system. Installing Electrum requires you to write down a 12-word seed to help you recover your wallet on multiple devices. If you forget your private key, this seed can also make Electrum look more human. In addition, Electrum has a "cold storage" mode where you don't have to pay Bitcoin to view your balance.
Where-Object . . . AppIdEntry.ServiceName -eq"
Note: Electrum-XZC is derived from Electrum and uses different seed phrase criteria, so it cannot be imported.