
Topic: Electrum Moves to Patch Bug That Left Thousands of Bitcoin Wallets Exposed

Author: mayuri27

Popular wallet developer Electrum has issued an emergency patch for a critical bug in its bitcoin wallets. The flaw allowed any website hosting the Electrum wallet to potentially steal the user’s cryptocurrency. A vulnerability meant that passwords were exposed in the JSONRPC interface, granting hackers complete control of the wallet. The first patch failed to fix the problem, however, forcing Electrum to issue a second update on Sunday evening.

A Quick Fix to a Long-Standing Problem
Last week, the tech world was rocked by news of a bug in Intel computer chips that had lain undiscovered for years. It’s a similar story with the Electrum wallet vulnerability, with some reports stating that it had been in existence for over two years. Google vulnerability researcher Tavis Ormandy claims to have discovered the bug, though the flaw had been flagged last year. Within hours of Ormandy pointing out the vulnerability, Electrum had rushed out a patch to remedy it.

In a Bitcointalk forum post, site admin Theymos explained: “If at any point in the past you had Electrum open with no wallet passphrase set; and had a webpage open then it is possible that your wallet is already compromised. Particularly paranoid people might want to send all of the BTC in their old Electrum wallet to a newly-generated Electrum wallet.”

He later updated his post, adding: “If you had no wallet password set, then theft is trivial. If you had a somewhat-decent wallet password set, then it seems that an attacker could “only” get address/transaction info from your wallet and change your Electrum settings, the latter of which seems to me to have a high chance of being exploitable further. So if you had a wallet password set, you can reduce your panic by a few notches, but you should still treat this very seriously.”

Fatally Flawed
The individual who first reported the flaw on Github on November 24 explained: “While the electrum daemon is running, someone on a different virtual host of the web server could easily access your wallet via the local RPC port. Currently, there is no security/authentication, giving someone access to the RPC port full access to the wallet.”
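The report quoted above describes a local RPC port that accepted calls with no authentication. As an added illustration (not part of the original post, and not Electrum's code or its patch), the following shows a loopback JSON-RPC listener that requires credentials and refuses browser-originated requests; the class and function names, the `ping` method and the credentials are assumptions made for the example.

```python
import base64, hmac, http.client, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

RPC_USER = "demo-user"                    # constructed credentials, not Electrum's
RPC_PASSWORD = secrets.token_urlsafe(16)  # random per run instead of a fixed default

def basic_auth(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class AuthenticatedRPC(BaseHTTPRequestHandler):
    def _reply(self, status, body):
        data = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()  # no Access-Control-Allow-Origin header is ever sent
        self.wfile.write(data)

    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        # Browsers attach Origin to cross-site POSTs; a local CLI client does not.
        if self.headers.get("Origin") is not None:
            return self._reply(403, {"error": "browser-originated request refused"})
        supplied = self.headers.get("Authorization", "")
        expected = basic_auth(RPC_USER, RPC_PASSWORD)
        if not hmac.compare_digest(supplied.encode(), expected.encode()):
            return self._reply(401, {"error": "authentication required"})
        try:
            call_id = json.loads(raw)["id"]
        except (ValueError, KeyError, TypeError):
            return self._reply(400, {"error": "invalid JSON-RPC request"})
        self._reply(200, {"id": call_id, "result": "pong"})

    def log_message(self, *args):  # silence per-request logging in the demo
        pass

def start_daemon():
    server = HTTPServer(("127.0.0.1", 0), AuthenticatedRPC)  # loopback, ephemeral port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def rpc_status(port, headers=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/", json.dumps({"id": 1, "method": "ping"}), headers or {})
    status = conn.getresponse().status
    conn.close()
    return status

if __name__ == "__main__":
    print(rpc_status(start_daemon().server_address[1]))  # 401: no credentials sent
```

Binding to 127.0.0.1 alone does not stop a web page in the user's browser from sending requests to the port, which is why the handler checks both the credentials and the `Origin` header.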
