Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Bitcoin Security

Users Report Losing Bitcoin in Clever Hack of Electrum Wallets (zdnet.com) 72

A hacker -- or potentially a group of hackers -- has made over 200 Bitcoin (circa $750,000 at today's exchange) using a clever attack on the infrastructure of the Electrum Bitcoin wallet over the last one week. From a report: The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository. The attack began last week on Friday, December 21, and appears to have been temporarily stopped earlier today after GitHub admins took down the hacker's GitHub repository. Admins of the Electrum wallet expect a new attack to soon get underway, with either a new GitHub repo or a link to another download location altogether. This is because the vulnerability at the heart of this attack has remained unpatched, albeit Electrum wallet admins taking steps to mitigate its usability for the attacker.
This discussion has been archived. No new comments can be posted.

Users Report Losing Bitcoin in Clever Hack of Electrum Wallets

Comments Filter:
  • by Anonymous Coward

    such program's installer before installing it.
    This assumes you have used the same GPG key in the past for previous versions. If you downloaded it NOW for the 1st AND the hackers managed to substitute the GPG key mentioned/linked on the official website, then there's nothing more you can do.

  • by Anonymous Coward

    The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.

    You know, after so much hype and bullshit around cryptocurrencies, this shit just makes me laugh.

    You wanted to play in an unregulated financial industry, this is what you get. It's the wild west of scams and idiots, and I have no sympathy for any of them.

    Boo fucking hoo, more cryptocurrency fools have lost their money.

    • Re: (Score:3, Interesting)

      The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository.

      You know, after so much hype and bullshit around cryptocurrencies, this shit just makes me laugh.

      You wanted to play in an unregulated financial industry, this is what you get. It's the wild west of scams and idiots, and I have no sympathy for any of them.

      Boo fucking hoo, more cryptocurrency fools have lost their money.

      You know people said the same thing when physical currency was introduced. Same exact arguments, physical currency was just stolen by people with bigger muscles and weapons instead of hacking skills.

      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Then keep playing with it. Personally I'll stick with my bank, my stock broker, and my credit card company. Literally millions of dollars have flowed thru these institutions directly by me and not a single penny has been misplaced over decades. I'll stick with what works for me. And exactly what happened when law enforcement was notified of the hack? Anything? I know if someone robbed me of cash I'd call the police and they would at least try to look for the thief.

        • Literally millions of dollars have flowed thru these institutions directly by me and not a single penny has been misplaced over decades.

          That's because proper safeguarding instruments had been implemented decades before your time. Currency was insecure for hundreds of years before today's times, and still is as far as cash is concerned.

          • by Anonymous Coward

            Where are the proper safeguarding instruments for various crypto faux-currency?

            There are none which makes the 99% of crypto nerds who collectively own 1% of crypto faux-coins (the 99% belonging to the Chinese government) incredibly fucking naive. When my bank is robbed I personally lose nothing. When a waiter steals my credit card info I lose nothing. When my crypto faux-coin wallet is ripped off I get wiped out with no recourse.

            Which is the smart way to go and which is dumb?

            Crypto faux-currency serves n

        • Half the time the police steal from you. Get pulled over and have a few thousand dollars on you? It's assumed to be drug money and confiscated under civil forfeiture. You'll get it back eventually after getting a lawyer involved.

      • Re: (Score:2, Informative)

        by nukenerd ( 172703 )

        You know people said the same thing when physical currency was introduced. ... physical currency was just stolen by people with
        bigger muscles and weapons instead of hacking skills.

        Citation for what was said then? Physical money (coins) replaced bartered physical objects (sacks of corn, chunks of metal) so the possibility of stealing was not new at the time when coins were introduced.

        Fortunately, there is a physical limit to what the "bigger muscled" guys can steal from me because I don't carry all the money I own on me all the time. Typically I might have only about 0.01% of it, so that's all they could take - the rest is buried in a secret place in my garden (LoL). OTOH your entir

        • by dissy ( 172727 )

          Fortunately, there is a physical limit to what the "bigger muscled" guys can steal from me because I don't carry all the money I own on me all the time. Typically I might have only about 0.01% of it, so that's all they could take - the rest is buried in a secret place in my garden (LoL). OTOH your entire wealth in digital form can be stolen all in one go.

          What's ironic is bitcoin was designed to be used the same way, but for some reason few seem to do so.

          Bitcoin wallets are free, and transferring small amounts into a new one to have with you or for specific purchases is trivial. Similar to only carrying a small amount of cash with you.

          What is far worse however is many people don't even keep *one* wallet let alone multiples.
          They entrust that task to online sites like exchanges to manage their wallet for them.

          It would be akin to not carrying any cash, but ins

      • by Dunbal ( 464142 ) *
        Physical currency is backed by governments, laws, courts, police forces and, as a last resort, an army.
  • by Anonymous Coward

    It is worth only what the next fool thinks it is.

    Also - "circa" - this is no eurotrash website, msmash. Please keep that lingo appropriate.

  • Glad I just rely on package management to update. Though I know that's not entirely safe all the time also but it is a hell of a lot safer.
  • Any other blockchain evangelists want to pontificate how secure the technology is?
    If nothing else, why can't the coins be tracked to the new wallet (they are) and recouped? Oh, ya, it's unregulated and not back by a government.. to bad.
  • I’m not saying Apple’s strict walled garden is a good approach, because the inability to trust new certs actually can make this sort of attack easier by causing third-party app stores to be unsigned until installation, but there is something to be said about ensuring that any app that was code signed by a different cert loses access to app data.

  • posting to fix a fat finger mod mistake.

This is now. Later is later.

Working...