A vulnerability was found in the Electrum wallet software which potentially allows random websites to steal your wallet via JavaScript. The bug presumably also affects altcoin derivatives of Electrum such as Electron Cash. If you don't use Electrum or a derivative, then you are not affected and you can ignore this.
https://bitcointalk.org/index.php?topic=2702103.0
I actually really like the electrum wallets, they're one of the best in my opinion for bitcoin and litecoin. There is apparently an upgrade to fix the problem. We use them here locally for some auxiliary tasks. They're lightweight (don't require a lot of computing resources to use) so they're a great alternative to running a full node wallet, which uses quite a lot of hard disk space nowadays, but safer than using a web wallet (well, mostly safer, obviously there can be exceptions like this one).
I've temporarily shut down ours per the link above, and we'll upgrade tomorrow. The shutdown of these wallets doesn't affect our site in any way, we just use them for the occasional manual transaction to pay for something in crypto.
If you have a lot of money stored in wallets or even on exchanges, get a crypto-only PC that you keep updated, have little extra software on, and turn on rarely. It might cost a couple hundred but there’s a ton of hackers out there looking for easy money in the form of your crypto wallet.
EDIT: Trezor, Ledger, etc. are always best, but for some people who keep coins on exchanges or trade a lot, it isn’t an option.
It might cost a couple hundred but there's a ton of hackers out there looking for easy maintenance in the form of your crypto wallet. If you have a lot of money stored in wallets or even around exchanges disturb to the fore a crypto by yourself PC that you save updated, have small count software upon, and slope upon rarely. @blocktrades
I really agree with your comment
I guess you are right. Thanks. And look at my blogs and give me comments.
Thanks for your post!
Please Follow, Upvote & Resteem my post to help us to travel & explore more
https://steemit.com/travel/@jonbee/travel-with-us-ep-01-kushtia-sugar-mills-kushtia-bangladesh-bd-steemian
Gbamest Counsel.
You are right.
I totally agree!
Thank you for the information
Maybe I am misunderstanding the change notes, but it seems to me that the fix that has been implemented in the newest release (v3.0.4 ~ 9 hours ago) has disabled default CORS approval, which means the vulnerability could still be exploited by code running on the local computer; obviously a password-protected wallet goes a long way to mitigate the chance of compromise.
While this is the case with most software, I am not sure why the RPC is being enabled by default when 95% of users would have no use for it and the ones that did would be proficient enough to enable this for use.
Thanks for the heads up. Interesting to see it was first reported in Nov 2017 and not until today where a POC confirmed it as such a high risk.
@steempower as I told @blocktrades too, you are very active in the steemit community, always informing people on everything, and your posts on Bitshares are really impressive. They helped me understand many more things about it!
I also wanted to stop by you and send you a big shout of appreciation for your support in one of the previous chapters of the guide. It was a huge support, and it really helped together with @blocktrades , @lukestokes , @starkerz , @cryptographic , @stephenendal , to reach many more people as expected, I have not counted again but all the first 4 chapters have reached the hands of more than 2,500+ people reach and 280+ comments and questions, and this is already amazing for me, because my aim of helping many new users, new visitors and minnows to understand as much as possible about steemit and the steem blockchain is becoming true!
Speaking about the 11 Chapter full Steemit guide, I was wondering what you think about it, and what feedback you can give me to improve it even more. I mentioned @blocktrades in Part 6, you can see the comment I sent to @blocktrades a few messages down here.
I will mention a lot from you in the future chapter about Steem as a part of a larger ecosystem, where I speak about Bitshares!
Here is what Chapter 5 I posted today is about, and a link to it:
Chapter 5 of 11: Learning some of the many "Other ways to Earn Rewards on the Steemit Platform & Steem Blockchain" - This is part 5 of the 11 Chapters (Full Guide) to help new people make their way on Steemit
https://steemit.com/steem/@gold84/chapter-5-of-11-learning-some-of-the-many-other-ways-to-earn-rewards-on-the-steemit-platform-and-steem-blockchain-this-is-part-5
Looking forward to hearing from you, in any comments section, of this or any chapter! As I told @blocktraes , your knowledge and experience together with @lukestokes @timcliff @starkerz @stephenkendal has been inspiring me to continue with the series, and even add more value and additions to it.
Regards, @gold84
Yes, from what I gathered the fix is to avoid you going to a web page that then transferred money from your electrum wallet when you unlocked it. A rogue program on your local machine can always steal money from your wallet when you unlock it. It's why I upvoted the guy who suggested you should keep a crypto computer where you don't install much software.
Just disabling RPC wouldn't really protect you from a rogue program. As soon as you unlock your wallet, a rogue program with enough privilege can send keystrokes to your wallet to do whatever it wants...
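An added illustration of the CORS point discussed in the comments above (not code from Electrum or from any commenter): two constructed loopback HTTP endpoints, one answering with `Access-Control-Allow-Origin: *` and one without it, and a probe that reports who can read the response in each case. The handler, the `probe` function and the `https://example.invalid` origin are assumptions made for this example.

```python
import http.server
import threading
import urllib.request

def make_handler(allow_origin):
    """Constructed stand-in for a local RPC endpoint; not Electrum's code."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            body = b'{"result": "ok"}'
            self.send_response(200)
            self.send_header("Content-Type", "application/json")
            if allow_origin is not None:
                self.send_header("Access-Control-Allow-Origin", allow_origin)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo quiet
            pass
    return Handler

def start_server(allow_origin):
    # Port 0 lets the OS pick a free loopback port.
    srv = http.server.HTTPServer(("127.0.0.1", 0), make_handler(allow_origin))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def probe(port, origin="https://example.invalid"):
    """Request the endpoint as a local program and inspect the CORS header."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(f"http://127.0.0.1:{port}/", headers={"Origin": origin})
    with opener.open(req, timeout=5) as resp:
        acao = resp.headers.get("Access-Control-Allow-Origin")
        body = resp.read()
    return {
        "acao": acao,
        # A browser exposes the response to a page only if the header permits its origin.
        "browser_page_can_read": acao in ("*", origin),
        # A local program is not bound by CORS: it got the body either way.
        "local_program_can_read": bool(body),
    }

def demo():
    results = {}
    for label, allow in (("permissive", "*"), ("no_cors", None)):
        srv = start_server(allow)
        try:
            results[label] = probe(srv.server_address[1])
        finally:
            srv.shutdown()
            srv.server_close()
    return results
```

Removing the header changes only the browser column; the local-program column stays true in both cases, which is why the comments above treat locally running code as a separate problem.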
I have read your post now and I try to protect it from fake programs thanks to comments you make. Thanks for sharing sir.. @bloctrades
Apparently if a problem is identified it is half solved. Coin holders need to be careful. But I was complaining why there is not a personal coin holder which is not dedicated to any coin. Like a personal wallet can hold any cash, right? Dollars, pounds... So I need a detached device which can handle any blockchain coin, which is detachable like a flash disk. And whenever you want to have a transaction you will plug in and send or receive into your personal bank device.
Don't you think we need one of those? Especially as I make a daily exchange to ten or so coins by observing the markets, so it becomes a tiresome job to open a wallet in every vendor wallet.
Anyway, good luck to all steemers to be profitable in cash and in the readings of blogs. Believe me, I started my exchange market after reading steems. And I made 250,000 dollars in three months.
Respect.
I think electrum wallets do not need a copy of the blockchain. The website needs to be revamped to make it clearer which wallet to use.
Apparently this is the one with the fix: https://electrum.org/#download
They don't keep a copy of the blockchain, they are what's known as a "light wallet".
oh! great
Very good information and very useful for many people to be more careful again forwards
HELP
Forgot to mention the Memo while sending Steem to Blocktrades.
Please send me the steem back to me so that I can generate another Memo and rectify my mistake.
Thank you.
Here's the transaction details:
https://steemd.com/b/18765879#b346ab82166a9a9f982760612a64524e54ebd7c5
Electrum and Electron Cash potentially compromised? I find this news... shocking :)
Electrum has just released a newer version with this vulnerability fixed. Everyone ... please, download the newer version 3.0.4 from their official website. And must check the signature:)
Download newer version 3.0.4 : https://electrum.org/#download
Release notes : https://github.com/spesmilo/electrum/blob/3.0.4/RELEASE-NOTES
I just saw that I forgot to send my memo below the amount.
562edbd8-7002-4659-ae35-ae15d2e200d8
Thanks for the info. I'm sure you will help out a lot of people that would have otherwise been unaware.
Also I saw you gave someone an upvote...
follow me back bruh
Thanks for the info, at least people will know now and look for better places to secure their funds.
Actually I like electrum wallet, it's a good one. But any software can have bugs. Sounds like they have a fix now.
bruh follow me back
Bitcoin is not anonymous, but two wallets translate addresses, making it difficult to track your payments and contacts. It is recommended that you use a new Bitcoin address on each payment request. Bitcoin does not provide information to clients on the network while the kernel is paying while receiving payments. Electrum can be associated with all of your payments and uses central servers that can log in to your IP address. @blocktrades
That's really true, my friend.
Follow back
Thanks for the heads up. We have got into the habit of moving any longer term holdings into cold storage. Thumb drives and printouts with paper wallets.
Is interesting to know about this post.
Hello, sir, someone has hacked my Steemit account password and transferred SBD with this memo.
Please help me.
I cannot access my account either. He changed my password too.
I have to learn a lot in understanding this all, it's my hope to have a chance to get a lot of opportunities in steemit. Thank you for sharing @blocktrades. Successful steemit.
(sad trombone sound)
I have switched to a paper wallet. I don't trust any electronic device with my money.
If you are serious about cryptos you need a good wallet in which to store them!
https://steemit.com/cryptocurrency/@nzfxtrader/top-5-best-cryptocurrency-wallets
read the post. Great overview of the best cryptocurrency wallets - now I need to get one quick! thanks
This is crazy. Fortunately, I don't use this wallet. Thanks for the clarification.
Seems like Ethereum wallets have been filled with issues lately
From Parity to Electrum, it's been tough to find a place to put your Ether that is safe from bugs, hacking, or just dumb loss.
The only lucky thing is that these wallet issues have been mostly exclusive to Ethereum and most Bitcoin services have been running strong for years.
Good news is: Steemit wallets have never given me any trouble at all, love this platform!
Tsundere
Need to more secure their wallet, for holder safer, if it will be carry, they will be fall in any time, many holder don't know yet about this
As far as I know, there has already been a fix for the issue; still, one has to be careful enough.
Very helpful information. blocktrades is the best way for exchange. I like blocktrades and always use blockstudies for exchange.
I suggest you get crypto software that you would need to update regularly to block these hackers from your crypto wallet, pricey but totally worth it.
Thanks for the heads up @blocktrades
@adedoyinwealth
I hope you see my comment
It might cost a couple hundred but there's a ton of hackers out there looking for easy maintenance in the form of your crypto wallet.
Thanks author for the info. I really had no idea why it is vulnerable
Thank you for the news. We should be aware...
Vital information. Thanks for this
Thanks for the valuable information about this.. You are simply great @blocktrades
Great information, thanks for sharing with us <3 keep going
Good information
it's a good
Hopefully, they will fix it soon and there will be no more vulnerabilities for any kind of wallets.
Thanks for the info. Actually guys will know about it and how can they stay more secure. Crypto is the trend now @blocktrades
Thanks Sir @blocktrades, for updates and advises about this issue.
Can i ask a question?:
I want to know about power delegation. I am new here and my SP is still low, and I want to raise my voting power so that I can put my efforts into Steemit with more passion and hard work. How can I delegate it? Please tell me the procedure and whole criteria.
Waiting for your reply.
We don't have any free right now, but you can checkout minnowbooster.net, they offer delegations too.
Thanks sir
Why do people choose to work hard the wrong way? You are smart and intelligent channel such energy to positive vibes but they'd rather take another man's hard earned money. Urgent steps must be taken to secure wallets, I get scared often times as I have a better percent of my coins on the exchanges.
That's terrible news, even though I don't use electrum wallet myself. It seems no matter how advanced the program is there will always be flaws or bugs that hackers can take advantage of. Hopefully this won't happen to other crypto wallets as well. Thanks for the informative post. Have a nice day.
I hate to read this stuff but I appreciate it @blocktrades . I've been around crypto since 2012 but not very technical. The vulnerabilities I read about make me nervous but I'm happy that people are finding solutions. But for noobs there is a lot of misinformation and disinformation. I wish it were easier to keep up lol
Wow amazing post. 🙏👍
I think blockchain is too good to other wallets.Their fee is too high but their service is good.
Interesting, and thank you for the information
A security update has been released.
https://steemit.com/bitcoin/@cgrave/security-update-released-for-electrum-wallet
Thanks for the warning!
Right now anyone can theoretically steal your wallet keys using the Meltdown or Spectre vulnerabilities. If you want your ETH to be safe, literally the only choices are paper wallets or hardware wallets.
Thank you, I actually do not use electrum wallet, thanks for the update.