Important - Do NOT Use Electrum For Now! Huge Exploit Found!

in #bitcoin7 years ago (edited)

Electrum is one of the best and most popular light wallets. There was criticial bug found in it today.

If you had it running and any website open there is a chance the wallet is compromised.

The bug is fixed in spoke 3.0.4 but since it was developed fast its not sure there is no more problems found that hackers may use.
Since today the vulnerability is known to the public so many people can try to exploit them.

More info: https://github.com/spesmilo/electrum/issues/3374

If you need to access your BTC and cant wait a day or two for things to settle - download latest Electrum, close all websites (maybe even restart computer) upgrade.

Good news - if you have password on wallet (whcih actually electrum pushed to make) you should be safe for now.

Follow, Resteem and VOTE UP @kingscrown creator of http://fuk.io blog for 0day cryptocurrency news and tips!

Sort:  

Another upgrade needed to 3.0.5

Thank you for the heads up, I do have it on my phone.

This sounds like a major security hole and many people wont bother or know to upgrade. I expect this one will run for some time yet. I haven't heard of anyone losing coins due to this but I'm sure its only a matter of time.

I am very new to the cryptocurrency world (as well as to Steemit). When I first heard about people receiving monetary gain for investing in coins that they believed in, I started watching CoinMarketCap.com to see if what people were saying was true.

It was really fun to see some coins climbing up the ladder in value over just a five day period. That's what got me thinking that my husband and I should take a risk and give this whole thing a try.

We don't have a wallet just yet. We are still waiting for our very first Coin Base deposit to transfer over into the crypto system. But, hearing about hackers like this is a bit discouraging.

I guess when a good hero is created, a nemesis must come along? ... I heard people should be using offline wallets to protect their investments though.

Good, @grizgal that you haven't heard of anyone losing coins over this.

Welcome to Steem and the crypto space! Once you start, you should seriously consider maintaining your wallet offline. I believe the best security is a hardware wallet like to the Ledger Nano S or Trezor. Also, when starting to invest in anything, make sure you do your homework first and don't rely on any one source.

Thanks so much for the warm welcome. I heard about the Ledger Nano, but not Trezor. I will look into it now.

In regards to doing your homework before investing, I do have a question.

How is that the value of coins can be different from one site to another?

For instance, it could be 9pm and Ether could be valued at one amount on one site, but then at the same time, the value could show up as something different on Coin Base.

Its the same as all currencies. With major fiat currencies, large institutions take advantage of any difference in price almost immediately, making the price appear the same on all exchanges. This is starting to happen in crypto but will take time.

Welcome @sophieareli to Steem and cryptowonderland.

Another to advices:

  1. Did you answer the question, if you wanna trade or invest?
  2. Don't use Bitcoin to transfer your funds from Coinbase to other exchanges. You can use Litecoin or other Currencies, as the fees ar much lower

@dauerossi, hubby and I are investing.

I'm so excited. Our money finally cleared in Coinbase last night and we signed up for Binance. So, we are now on our happy way.

And, thanks for the great tip about not transferring with Bitcoin. We are still learning and will look into more things. :)

The same reason you can go to one store and find an item for a different price at another store. That's just the price at that market. Normally they stay relatively close to each other, but when there's a big disparity you can buy at the cheap exchange, transfer to the higher one and sell for a profit. I believe that's called arbitrage.

Oh, okay. That makes sense. And, thanks for the tip on taking advantage of the cheap exchange rate. Wow.

Or a coldwallet live-CD like Bitkey, https://github.com/estevaocm/bitkey

Yeah.... only a matter of time. This is the fact. @grizgal

Yeah.... only a matter of time. This is the fact. @grizgal

fucked up thats why I only trust ledger nano s

thank you

This is a repost of a previous comment I made on a similar story but this advice still holds true. There will always be new bugs and by using your main computer to hold crypto assets YOU ARE AT RISK! A keylogger with a simple exploit in ANY program you have installed could mean you lose everything.

As such I’d recommend if you have a lot of money stored in wallets or even on exchanges get a crypto only PC(possible running a super security focused Linux beach) that you keep updated, have little extra software on, and turn on rarely. It might cost a couple hundred but there’s a ton of hackers out there looking for easy money in the form of your crypto wallet.

Trezor, Ledger, etc. are always best but for some people who keep coins on exchanges, or trade a lot it isn’t an option.

Very informative, nice post. One need to be very careful.

Fresh install your operating system, disable Wifi and any other networking/internet connectivity, add offline wallet generators. Never put that computer online or on a network and that's about as secure as you can get.

I understand the convenience of keeping crypto assets in exchanges / electronic wallets, but if you're dealing with a substantial sum of money the risks just aren't worth it. Keep safe and stick to paper wallets.

Good information, thanks for sharing :)