The cryptocurrencies wallet Electrum was hacked and lost 250 bitcoins.
Shunto touch melon, open the github of the electrum, we find the following code in the electrum/electrum/ecc.py.
January 19 (Xinhua) -- Electrum is a world-renowned Bitcoin light wallet with a long history of supporting multi-signatures and a very broad user base, many of which like to use Electrum as a cold wallet or multi-signature wallet for Bitcoin or even USDT (Omni), according to the Slow Fog Security team. Based on this usage scenario, Electrum is used less frequently on the user's computer. The current version of Electrum is 3.3.8, and previous versions of 3.3.4 are known to have "message defects" that allow an attacker to send an "update prompt" through a malicious ElectrumX server. This "update tip" is very confusing to the user, and if you follow the prompt to download the so-called new version of Electrum, you may be tricked. According to user feedback, because of this attack, stolen bitcoins are in the four digits or more.
Bitcoin Wallet Electrum has released a beta version of Electrum 4.0, which supports the Lightning Network.
Bitcoin wallet Electrum suffered a phishing attack, at least 1,450 BTC stolen
Electrum client. A veteran security research expert told Hard Fork that if a user installs the problem version of Electrum.
What if the gold investment is set up! Gold investment remembers the original, sometimes the market did not see right, but they do not want to give up. Geckos do not break their tails in normal life, but if in danger they will break their tails, a form of self-defense, an instinctive response to danger;
Electrum tweeted today about the incident, saying it was "a persistent phishing attack on Electrum users" and imploring users to check the effectiveness of the resources they log on to.
DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
You may have noticed an important difference between the MyMonero type and the Electrum seed type. MyMonero creates a viewing private key by hashing a random integer, while the Electrum type hash pays the private key. This means that the seeds of 13 and 25 words are not compatible - it is not possible to create an Electrum type account that matches the MyMonero type account (and vice versa) because viewing key pairs is always different.