Qtum Electrum synchronously updates electrum-related code and releases v0.18.9.
UBTC Electrum client implements validation support for contract versions (test chain)
In December 2018, for the first time, we discovered and alerted an attacker to a messaging flaw that exploited the Electrum Wallet client to force an "update prompt" to pop up when a user transfers money, inducing the user to update the download malware and then carry out a currency theft attack. This "update tip" is not an official act of Electrum, but a phishing attack by an attacker that exploits a message flaw on the Electrum client and the ElectrumX server, which requires the attacker to deploy the malicious ElectrumX server in advance, and the malicious server is localized by the user's Electrum client (because the Electrum client is a light wallet and the user needs the ElectrumX server to broadcast the transaction). At the time of the madness, malicious ElectrumX servers accounted for as many as 71% of the total, and the show doesn't fully count that hundreds of bitcoins have been stolen in this phishing attack over the past year or so. Although in early 2019 Electrum officials said they would adopt some security mechanisms to prevent this kind of "update fishing", such as: 1. Patch Electrum client does not display rich text, does not allow arbitrary messages, only strict messages; Patch ElectrumX server implementation detects Sybil Attack (i.e. witch attacks, malicious servers that send phishing messages) and no longer broadcasts them to clients; Implement blacklisting logic to alert malicious servers outside the Electrum client view; Promote social networking sites, websites, and all forms of communication that exist with users, who should always run the latest version and always only install from official sources (electrum.org), access through security protocols (https), and verify GPG signatures in advance. However, many users of Electrum are still in the older version (less than 3.3.4), and the older version is still under threat. However, we do not rule out a similar threat to the new version. Recently, slow fog technology anti-money laundering (AML) system through continuous tracking found that one of the attackers wallet address bc1qcygs9dl4pqw6atc4yqurzd76p3r9cp6xp2kny has stolen more than 30 BTC, the crime lasted six months, and recently is still active. We would like to remind Electrum users that the new version of Electrum in this Update Tip is likely to be false and that if installed, transfer Bitcoin out in another security environment in a timely manner. At the same time, we call on the vast number of cryptocurrencies exchanges, wallets and other platforms of the AML wind control system black and monitor such as the above Bitcoin address. Finally, identify electrum's official web address.
Bitcoin wallet Electrum official Twitter announced that the next version of Electrum will support Lightning online payments. Its lightning node implementation has been consolidated into the main branch of Electrum. Electrum also confirmed that the wallet will adopt a new implementation of in-house development written using Python.
The cryptocurrencies wallet Electrum was hacked and lost 250 bitcoins.
Users of Bitcoin wallet Electrum are currently facing a phishing attack, according to the Devi Security Lab. Hackers broadcast messages to electrum clients through a malicious server, prompting the user to update to v4.0.0, and if the user follows the prompt to install the backdoor-carrying client, the private key is stolen and all digital assets are stolen. At the time of writing, at least 1,450 BTCs worth approximately $11.6 million had been stolen from phishing attacks that forged Electrum upgrade alerts. Devi Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum3.3.8 via the official website (electrum.org), which has not yet been officially released v4.0.0, and do not use the link in the prompt message to avoid asset losses.
Harry Denley, chief security officer of MyCrypto, a cryptocurrencies wallet company, detailed the discovery of the malicious extension in a blog post. Denley explained that the deleted apps impersonate known cryptocurrencies wallets, including Ledger, Trezor, Jaxx, Electrum, MyEtherWallet, MetaMask, Exodus and KeepKey.
Verge (XVG): Verge: Bitcoin Core Version 0.13 Rekinding Completed.
Complete qtum-electrum-new QRC20 Token and smart contract functionality.