
Users report losing Bitcoin in clever hack of Electrum wallets - bubblehack3r
https://www.zdnet.com/article/users-report-losing-bitcoin-in-clever-hack-of-electrum-wallets/
======
Meekro
This is actually super-clever, let me try to explain. Electrum is unique in
that it's not a "real" bitcoin wallet. To save time and computer resources, it
doesn't download the entire blockchain but rather connects to an Electrum
Server which will do the blockchain stuff on your behalf.

The Electrum Servers (anyone can run one) can check your balance and send
bitcoin on your behalf. Thanks to the magic of cryptography, this is all
perfectly safe. If you send bitcoin through them, they couldn't redirect it to
themselves. The worst they could do is refuse to send it.

Turns out Electrum Servers are allowed to return custom error messages to the
client, though. So this guy set up a bunch of these servers and had them
always return a message saying "Please update your electrum here:
[http://github.com/my-hostile-electrum/steal-yo-
coins.git"](http://github.com/my-hostile-electrum/steal-yo-coins.git"). What's
worse, because Electrum is using the QT QMessageBox, these errors are
displayed with full HTML rendering, making them look even more convincing.

So, crap. Bitcoin is, as they say, a bug bounty on the entire world.

~~~
21
Even better, the fake link looks more legit than the legit link.

FAKE link: hxxxs://github.com/electrum-wallet

LEGIT link:
[https://github.com/spesmilo/electrum](https://github.com/spesmilo/electrum)

~~~
Scoundreller
A redditor reported that the source posted contained the malware. Ie:
compiling from source would not have saved you (unless you did the diff
yourself and inspected the changes).

------
ErikAugust
I decided to stay far away from Electrum after Tavis from Project Zero
reported a big time bug in Electrum's JSON-RPC back in January.

I remember him claiming his dealings with the team were frustrating as well
(gist: they didn't understand the problem).

Source: [https://blockexplorer.com/news/electrum-releases-update-
goog...](https://blockexplorer.com/news/electrum-releases-update-google-
project-zero-researcher-discovers-2-year-old-vulnerability-wallet-client/)

------
pera
[https://github.com/spesmilo/electrum/issues/4968](https://github.com/spesmilo/electrum/issues/4968)

This bug is absolutely atrocious: who decided that displaying error messages
(with rendered HTML!) from untrusted third-party servers was a good idea?

It's a shame since SPV wallets are a great solution for most users, and
Electrum has a relatively nice UI, but after this bug and the JSON-RPC one who
will keep using this software?

------
Tehnix
Incredible to read how dismissive people in the thread are about the
shortcomings of decentralization, up to the point where it feels like people
are just praising gospel without ever having given it a critical thought.

There is still quite a valley between feasibility of crypto currencies in real
world settings, and the current state of affairs.

~~~
hanniabu
Yes, there is a gap, but that will be closing quickly. What I hate to see is
people using this gap as a reason against crypto/ blockchain as if every new
technology is ideally perfect and meets every demand. This is the type of
mindset that would have prevented us from having computers, laptops, and cell
phones because computers the size of record courts don't make sense, computers
take too much energy to be portable, and nobody wants to carry around a
suitcase all day to make a phone call.

It's all part of technological maturation.

~~~
spookthesunset
> Yes, there is a gap, but that will be closing quickly.

Bitcoin is more than 10 years old. That is almost as old as 1st generation
iPhones. How much longer do we have to wait to fix these deeply fundamental
flaws in the stack?

> It's all part of technological maturation.

An alternative interpretation might be that Bitcoin is fundamentally broken
and isn't a useable technology.

~~~
hanniabu
Bitcoin is 10 years old and may or may not be broken depending on the end use
case, but that isn't the only crypto/ blockchain project. For you to center
the conversation around those arguments shows you're not very informed on the
topic.

A lot of developmental progress in the ecosystem with models/architectures,
tools, and infrastructure hasn't happened until recently (past year, give or
take).

~~~
spookthesunset
> For you to center the conversation around those arguments shows you're not
> very informed on the topic.

I've been following Bitcoin for almost its entire life and am probably vastly
more informed than most of the shysters who show up on sites like HN to shill
their coin.

> A lot of developmental progress in the ecosystem with models/architectures,
> tools, and infrastructure hasn't happened until recently (past year, give or
> take).

I've heard this line forever. Lightning network, for example, has been "just
around around the corner" since forever. So far, it is still just as "just
around the corner" as it was 5 or 6 years ago and ranks among the top all-time
vaporware software projects out there.

The attempt to refocus on "The Blockchain" is only done to distract from the
fact that Bitcoin, poster child of "The Blockchain" has no lawful use. It
doesn't scale, it isn't free, it isn't trustless, it isn't censorship
resistant, it isn't a good store of value, it isn't instant and it isn't
anonymous. It isn't even deflationary (as if that is a good thing) because it
has been forked and cloned thousands of times. Oh yeah, it also requires more
energy than small nations to secure. (And don't feed me the line about it
being "green energy" or "less than conventional banking"–we both know that is
a laugably horseshit argument)

The whole space is a joke. Aside from self-driving cars, Bitcoin will be the
biggest overhyped pile of complete nonsense this decade.

~~~
RustyRussell
> So far, it is still just as "just around the corner" as it was 5 or 6 years
> ago and ranks among the top all-time vaporware software projects out there.

The paper was released April 2015. Progress is definitely slower than I'd
like, but wanted to correct this claim.

[ Disclaimer: lightning developer and specification guide ]

~~~
bduerst
Lightning was talked about before the release of the whitepaper, along with a
number of other side-chains, off-chains, etc. None of have really been the
magic bullet they claimed to be.

------
fabian2k
If I understand this correctly, this is quite a flaw in the design of the
client. The message is shown in the client, but is simply the response of an
essentially random server in the network. That response is displayed with full
formatting in the client as if it were an error message by the client itself.

I never used any of this, but it really doesn't look to me like it is
unreasonable to assume that error messages like this are created by the
client, not an untrusted server. Untrusted servers should not be able to
inject content like this.

------
shiado
Looking at the commit, I am wondering if there is still a vulnerability in
sending error messages. What if the malicious server DOS'd the client by
sending an extremely long error message crashing the client when it tries to
render it. This also doesn't stop a simple plaintext message that has a
phishing message like "Your machine has been hacked and your keys have been
compromised, please transfer x BTC to y address within 5 minutes to prevent
your private keys from being immediately drained".

~~~
leppr
Yea, only allowing servers to send a naked error code matched against a list
of preloaded human-readable strings on the clients seems to be the only option
that's actually social-engineering proof.

If custom error messages are really needed, you could allow them as a special
option while making it obvious through the client UI that this is sent from an
untrusted source (field hidden by default, warning displayed when full error
message is expanded).

The safest option now is just to consider Electrum as insecure by default.
Same with Ethereum's Parity desktop and Metamask. They're convenient for day
to day use but don't trust them with big amounts.

EDIT: Seems that's already been discussed in the issue:
[https://github.com/spesmilo/electrum/issues/4968#issuecommen...](https://github.com/spesmilo/electrum/issues/4968#issuecomment-450169512)

------
tdons
The related GitHub issue:
[https://github.com/spesmilo/electrum/issues/4968](https://github.com/spesmilo/electrum/issues/4968)

------
yqh
Just by looking at the screenshot I already knew the "Electrum" client was
written using Qt. :P

QMessageBox displays text as HTML (formatting, links and all) by default,
which I've always thought is a terrible choice.

------
yongjik
Wow the mod comment on the reddit thread is golden:

[https://old.reddit.com/r/CryptoCurrency/comments/a9yji3/elec...](https://old.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/)

> Just to clarify the "hacked" part of the title:

> Technically speaking, even though the term 'hacked' is broad, what happened
> was an attacker utilized the server response/messaging capability to phish
> users (it was more convincing because rich text was allowed to display in
> the electrum client). The message provided a link to "upgrade electrum", but
> was actually installing a malicious clone.

> The attacker amplified their reach by spinning up more malicious servers
> which could loosely be considered a sybil attack.

> People using the correct wallet software and not clicking any links are
> unaffected. Electrum was no more "hacked" than gmail is hacked every time
> one of their users is sent a phishing email

~~~
thisacctforreal
People expect to be phished when opening emails in Gmail, they don't expect to
have to distrust native app dialogs.

------
zuck9
This is another reminder of why people should be using hardware wallets.

It is relatively super cheap compared to the value of 1 BTC.

~~~
dcosson
It all depends what you calculate to be the biggest risks that you're
protecting against. If it's collapse of world civilization, or at least your
own country's institutions, then storing your own coins makes sense, and yeah
a hardware wallet is a better way to store it than on your computer.

On the other hand, if you're more worried about getting hacked or simply
losing your private keys, having your house broken into and the wallet stolen,
etc. you're probably better off putting it in Coinbase with a strong password
and 2FA enabled. The same way you protect other things you care about like
your bank account and 401k.

It's odd to me that this is so highly frowned upon in the cryptocurrency
communities though. People with very little knowledge about computers or
infosec are constantly pressured into storing their own coins, which is
fundamentally pretty user-unfriendly just due to the irreversible nature of it
where you can't make a single mistake.

~~~
root_axis
Cryptocurrencies are the worst possible store of value against the collapse of
civilization. Did you forget that you need a functioning internet and
electrical grid to use cryptocurrencies? This type of thinking does not
reflect a realistic perspective of how the world works.

~~~
nostrademons
They're a hedge against a particular _kind_ of collapse of society - one in
which the currency collapses (hyperinflation) or the nation-state backing the
currency collapses (revolution/coup/regime change/tyranny, followed by asset
seizures). If everybody is shooting each other and there's no food in the
stores, you're fucked regardless of how many Bitcoin you own. If there's a
nuclear attack and the electrical grid is knocked out, your Bitcoin isn't
going to be accessible. But if the hard assets & businesses are mostly
functional but just don't know how much they're going to get paid tomorrow
because the value of a dollar is 1/4 what it was today, Bitcoin is pretty
handy. And if the government decrees that the bank accounts of certain persons
who are politically opposed to it are now property of the government, Bitcoin
is pretty handy.

While I think a number of Bitcoin maximalists have the former couple scenarios
in mind, and agree that their beliefs are illogical, the latter two scenarios
are actually much, much more common in recent history. Think of Zimbabwe or
Venezuela in the present day, Greece in the financial crisis, Russia after the
fall of the Soviet Union in the 1990s, East Germany after the fall of the
Berlin Wall, Latin America seemingly every decade since the 1950s, or China
during the Cultural Revolution. Bitcoin could've saved lives and fortunes for
many of the people affected by these. Indeed, it's held up fairly well for
people in Venezuela and Zimbabwe, the two countries to face major currency
crises since Bitcoin's invention.

~~~
root_axis
> _They 're a hedge against a particular kind of collapse of society_

I'm sorry, but do you not see how absurd that sounds? It's a hedge against a
particular kind of societal collapse? This is just totally impractical. The
reality is that bitcoin traffic in Zimbabwe and Venezuela is extremely
miniscule; that's because you can't actually buy much of anything with
cryptocurrencies, especially useful goods like food, water, medicine and guns,
and trying to convert cryptocurrency into real money is fraught with obstacles
and risks (i.e. if you try to do an in-person conversion). Cryptocurrency is
not a realistic hedge against any kind of societal disruption.

------
mxscho
This reminds me of the countless malicious TeamSpeak servers who send out fake
"TeamSpeak needs an update: [evil-url]" messages with the server message or
poke feature. (The second one displays an arbitrary text in a simple message
box, e.g. sent by a bot when joining the server).

------
ziont
if this was a bank, he wouldve gotten it all back.

decentralize for the sake of it is foolish.

~~~
46456hfgfg
Yes, and we would all pay for this persons mistakes through increased
insurance premiums. What if I don't want to have to pay for someone elses
mistakes? What if there was a world in which one had to take responsibility
for their money? No do overs. This is cryptocurrency.

~~~
giornogiovanna
Okay, but you realize that most people _want_ insurance, right? In this case,
it wasn't even the guy's fault that Electrum displayed the hacker's message as
something official. Do you really want a society where some other person's
stupid mistakes can destroy your life?

~~~
wallacoloo
> most people

I’m pretty sure GP isn’t trying to say that _everyone_ should use Bitcoin. The
thing that gets annoying is that there _is_ a crowd that campaigns this, and
then other people (particularly in this comment section) fight back saying
_nobody_ should use Bitcoin.

The obvious fact which I feel is somehow being overlooked here is that
different people have different needs and there is no one-size-fits-all
solution to banking today.

~~~
Nursie
And those people will be perfectly happy until it affects them.

As a society, we tend to protect people from themselves because the other
option is to let them die on the streets when they lose it all. Making people
have insurance and using banks and payment systems that have built-in
protection, is far cheaper than providing welfare for those that would
otherwise be scammed out of every penny, irreversibly.

You can be a self-serving ubermensch the same day you opt out of all social
help.

~~~
feanaro
Opting out of all social help usually doesn't exist as an option at all.

~~~
Nursie
Indeed, and for good reason.

~~~
feanaro
Is it? It sounds like an unnecessary application of force. It also seems
disingenuous to phrase it as a choice but then admit there is no choice at
all.

~~~
Nursie
The point is that in this area people are terrible at making financial
choices, and only ever think in the short term. This is why we have (for
instance) laws about withdrawing funds from pension accounts etc. Because
otherwise people raid their own retirement funds and end up reliant on the
state.

There absolutely is a choice - you can politically campaign for the right to
opt out, or you can go and live in a country that doesn't have the protections
you don't want. Most of them are pretty damn awful because they don't look
after their citizens at all.

What you don't get to do is live in a society with such protections and social
measures and then not play by its rules.

~~~
feanaro
> The point is that in this area people are terrible at making financial
> choices, and only ever think in the short term.

It is hard for me to fully internalize this point when I have a counterexample
readily available, albeit one that will do nothing to convince you. I consider
myself capable of making sound financial decisions for myself and would never
raid my own pension account, unless faced with immediate existential danger
(in which case "raiding" it would be a rational decision).

I disagree that the solution to that is to centralize funds in order to let a
centralized body inefficiently misallocate (or sometimes outright steal) them
and would appreciate the freedom to do this myself. I think the state has too
much power and this is detrimental in the long run, as it is detrimental when
any single entity has too much power.

> There absolutely is a choice - you can politically campaign for the right to
> opt out, or you can go and live in a country that doesn't have the
> protections you don't want.

> What you don't get to do is live in a society with such protections and
> social measures and then not play by its rules.

I can certainly campaign politically, but that also includes respectfully
disagreeing with your conclusion above. This does not make your position right
and mine automatically wrong (nor vice versa).

The rest of the quoted part of your post sounds like another non-choice (in
that the it is highly impractical), followed by a moral judgement.

~~~
Nursie
> It is hard for me to fully internalize this point when I have a
> counterexample readily available, albeit one that will do nothing to
> convince you. I consider myself capable of making sound financial decisions

Many people do, many of these very same people are not actually competent when
it comes down to it, just overconfident, or just have a run of bad luck.

> I disagree that the solution to that is to centralize funds...

Who said anything about centralising or the state? You can invest in pension
funds all over the place, with many financial bodies, but you'll find access
to these funds restricted in various ways.

> The rest of the quoted part of your post sounds like another non-choice (in
> that the it is highly impractical)

It's perfectly practical, you can move to all sorts of other nations, take
your pick. It's a massive coincidence that the ones that are worth living in
have restrictions and protections like these, no?

------
21
I wonder how long it will take until people understand why nobody is "their
own bank" with their cash.

Getting hacked is one worry, I would worry even more about someone with a
wrench in my apartment.

------
lkdjjdjjjdskjd
Seems to me at least using Electrum for cold wallets as you should would not
have been susceptible to the attack.

------
magma17
This justify my paranoia about choosing 'random server'

------
ccnafr
Well-explained ZDNet article about it: [https://www.zdnet.com/article/users-
report-losing-bitcoin-in...](https://www.zdnet.com/article/users-report-
losing-bitcoin-in-clever-hack-of-electrum-wallets/)

You should have shared this link instead of that Reddit thread.

~~~
dang
Ok, we've changed to that from
[https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/elec...](https://www.reddit.com/r/CryptoCurrency/comments/a9yji3/electrum_wallet_hacked_200_btc_stolen_so_far/).
Thanks!

Please don't break the site guidelines by calling names or being personally
rude though:
[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html).
It's enough to offer a better link.

~~~
ccnafr
Thanks. Will do.

------
chabes
Another reminder to run your own full node.

If you use SPV wallets, you have to trust the nodes you connect to. Electrum
lets you connect to your own node.

~~~
lawn
This has nothing to do with SPV wallets. A full node client could suffer from
the same vulnerability.

~~~
chabes
No. The malicious links were from malicious nodes. You can run your own node,
and connect only to your node.

[https://github.com/chris-belcher/electrum-personal-
server](https://github.com/chris-belcher/electrum-personal-server)

