Electrum is a popular software wallet that works by connecting to a dedicated server. These servers receive a hash of the Bitcoin address in the wallet and reply with transaction information. Electrum Wallet is fast and has few resources, but by default, it connects to these servers and can easily monitor users. In addition to Electrum, some other software uses public Electrum servers. By 2019, it is a faster and better alternative to BIP37.
Hackers have launched a denial-of-service (DoS) attack on a well-known wallet Electrum server, according to Johnwick.io. Hackers used a botnet of more than 140,000 computers to attack Electrum's nodes and simultaneously deployed malicious nodes. When a user connects to these malicious nodes and sends a transaction using an older version of Electrum, the user is prompted to update the Backdoor Client. If the user installs the client as prompted, the private key is stolen and all digital assets are lost. Millions of dollars of digital currency have been stolen, according to Electrum officials.
Bitcoin desktop wallet client Electrum has released a 4.0 beta version, adding several important updates, including support for the Lightning network, nearly a year after the previous version of Electrum, 3.3.8 (last July). In the 4.0 beta version, Electrum mainly added features such as PSBT (partially signed Bitcoin transactions), Lightning Network, watchtowers (暸 watchtowers) and Submarineswaps (subliminal switching). (Github)
Why do I say the few remaining stories, DeFi and Dapp, are bad stories that won't come as a surprise?
UBTC Electrum client implements validation support for contract versions (test chain)
WebEye quickly and easily identifies web server types, CMS types, WAF types, WHOIS information, and language frameworks, using asynchronous for rapid fingerprint identification.
At the time of writing, at least 1,450 BTCs worth about $11.6 million had been stolen from phishing attacks that faked Electrum upgrade tips. DeViable Security Labs hereby suggests that versions of Electrum below 3.3.4 are vulnerable to such phishing attacks, and users using Electrum Wallet are requested to update to the latest version of Electrum 3.3.8 via the official website (electrum.org), which has not yet been officially released, and do not use the link in the prompt to avoid asset losses.
The Electrum development team also warned them that they had nothing to do with a project called Electrum Dark: they used our name without our permission. Be careful with the altcoin version of Electrum, as they are sometimes used as vectors to install malware against your real Bitcoin wallet.
UBTC Electrum Light Wallet Multi-Sign Address Transfer Contract Token Tutorial.
Electrum posted a message about the incident on Twitter today, claiming that "there are currently phishing attacks against Electrum users" and imploring users to check the validity of their login information.