Users Report Losing Bitcoin in Clever Hack of Electrum Wallets (zdnet.com) 72
A hacker -- or potentially a group of hackers -- has made over 200 Bitcoin (circa $750,000 at today's exchange) using a clever attack on the infrastructure of the Electrum Bitcoin wallet over the last one week. From a report: The attack resulted in legitimate Electrum wallet apps showing a message on users' computers, urging them to download a malicious wallet update from an unauthorized GitHub repository. The attack began last week on Friday, December 21, and appears to have been temporarily stopped earlier today after GitHub admins took down the hacker's GitHub repository. Admins of the Electrum wallet expect a new attack to soon get underway, with either a new GitHub repo or a link to another download location altogether. This is because the vulnerability at the heart of this attack has remained unpatched, albeit Electrum wallet admins taking steps to mitigate its usability for the attacker.
And that's why you verify with GPG sig (Score:1)
such program's installer before installing it.
This assumes you have used the same GPG key in the past for previous versions. If you downloaded it NOW for the 1st AND the hackers managed to substitute the GPG key mentioned/linked on the official website, then there's nothing more you can do.
Re: (Score:2)
Speaking of which, can't these coins be tracked and if someone tries to cash them out, there's your thief?
Re: (Score:3, Funny)
And I'm also afraid of the internet, let's burn that too.
Re: (Score:2)
if it cant be used as safe currency then maybe graphic card and ram prices can return to normal
Uh dude. They did. In fact, ebay is flooded with graphics cards below market value as miners are abandoning ship.
LOL ... love these stories ... (Score:1, Insightful)
You know, after so much hype and bullshit around cryptocurrencies, this shit just makes me laugh.
You wanted to play in an unregulated financial industry, this is what you get. It's the wild west of scams and idiots, and I have no sympathy for any of them.
Boo fucking hoo, more cryptocurrency fools have lost their money.
Re: (Score:3, Interesting)
You know, after so much hype and bullshit around cryptocurrencies, this shit just makes me laugh.
You wanted to play in an unregulated financial industry, this is what you get. It's the wild west of scams and idiots, and I have no sympathy for any of them.
Boo fucking hoo, more cryptocurrency fools have lost their money.
You know people said the same thing when physical currency was introduced. Same exact arguments, physical currency was just stolen by people with bigger muscles and weapons instead of hacking skills.
Re: (Score:2, Insightful)
Then keep playing with it. Personally I'll stick with my bank, my stock broker, and my credit card company. Literally millions of dollars have flowed thru these institutions directly by me and not a single penny has been misplaced over decades. I'll stick with what works for me. And exactly what happened when law enforcement was notified of the hack? Anything? I know if someone robbed me of cash I'd call the police and they would at least try to look for the thief.
Re: (Score:1)
Literally millions of dollars have flowed thru these institutions directly by me and not a single penny has been misplaced over decades.
That's because proper safeguarding instruments had been implemented decades before your time. Currency was insecure for hundreds of years before today's times, and still is as far as cash is concerned.
Re: LOL ... love these stories ... (Score:1, Insightful)
Where are the proper safeguarding instruments for various crypto faux-currency?
There are none which makes the 99% of crypto nerds who collectively own 1% of crypto faux-coins (the 99% belonging to the Chinese government) incredibly fucking naive. When my bank is robbed I personally lose nothing. When a waiter steals my credit card info I lose nothing. When my crypto faux-coin wallet is ripped off I get wiped out with no recourse.
Which is the smart way to go and which is dumb?
Crypto faux-currency serves n
Re: (Score:3)
Half the time the police steal from you. Get pulled over and have a few thousand dollars on you? It's assumed to be drug money and confiscated under civil forfeiture. You'll get it back eventually after getting a lawyer involved.
Re: (Score:1)
You can't use logic with crypto supporters to make them realize that if/when crypto goes through the evolutionary steps you are talking about that it will end up subject to rules and laws that take away 99.9% of the original touted advantages of crypto.
Re: (Score:2, Informative)
You know people said the same thing when physical currency was introduced. ... physical currency was just stolen by people with
bigger muscles and weapons instead of hacking skills.
Citation for what was said then? Physical money (coins) replaced bartered physical objects (sacks of corn, chunks of metal) so the possibility of stealing was not new at the time when coins were introduced.
Fortunately, there is a physical limit to what the "bigger muscled" guys can steal from me because I don't carry all the money I own on me all the time. Typically I might have only about 0.01% of it, so that's all they could take - the rest is buried in a secret place in my garden (LoL). OTOH your entir
Re: (Score:3)
Fortunately, there is a physical limit to what the "bigger muscled" guys can steal from me because I don't carry all the money I own on me all the time. Typically I might have only about 0.01% of it, so that's all they could take - the rest is buried in a secret place in my garden (LoL). OTOH your entire wealth in digital form can be stolen all in one go.
What's ironic is bitcoin was designed to be used the same way, but for some reason few seem to do so.
Bitcoin wallets are free, and transferring small amounts into a new one to have with you or for specific purchases is trivial. Similar to only carrying a small amount of cash with you.
What is far worse however is many people don't even keep *one* wallet let alone multiples.
They entrust that task to online sites like exchanges to manage their wallet for them.
It would be akin to not carrying any cash, but ins
Re: (Score:2)
Re: (Score:2)
I don't think you understand what the word "backed" means.
Software as a series of instructions followed by computers, does not "back" anything any more than a cookbook backs food. Consensus can "back" something, but since the majority of people don't own or want bitcoin (evidenced by its spectacular failure), consensus doesn't back bitcoin at all. And soldiers of fortune, quite by definition, back the highest bidder.
On the other hand the US laws are very real, the police forces are constantly and active
Greater fool theory (Score:1)
It is worth only what the next fool thinks it is.
Also - "circa" - this is no eurotrash website, msmash. Please keep that lingo appropriate.
Package Manager (Score:2)
Re: (Score:2)
Blockchain Security!!! (Score:1)
If nothing else, why can't the coins be tracked to the new wallet (they are) and recouped? Oh, ya, it's unregulated and not back by a government.. to bad.
This is why unsigned code is bad. (Score:2)
I’m not saying Apple’s strict walled garden is a good approach, because the inability to trust new certs actually can make this sort of attack easier by causing third-party app stores to be unsigned until installation, but there is something to be said about ensuring that any app that was code signed by a different cert loses access to app data.
ignore this (Score:2)
posting to fix a fat finger mod mistake.