
Malware Wallet ‘Electrum Pro’ Stealing Seed Keys - noeatnosleep
https://blockexplorer.com/news/electrum-pro-steals-seeds/
======
ghostly_s
It seems utterly, utterly insane to me that the vendor of a _currency wallet
software_ would leave the .com of their product's name unregistered. Using the
real Electrum at home but second-guessing that now.

~~~
marceloneil
Apparently the previous owner of the domain was trying to sell it for "the
price of a house", not something an open-source project can typically afford.

[0]:
[https://www.reddit.com/r/Bitcoin/comments/8a1drz/psa_electru...](https://www.reddit.com/r/Bitcoin/comments/8a1drz/psa_electrumcom_bought_by_scammers_to_distribute/dwv3k10/)

------
ufo
The github link has a better explanation to what is going on:

[https://github.com/spesmilo/electrum-
docs/blob/master/decomp...](https://github.com/spesmilo/electrum-
docs/blob/master/decompiling_guide.md#6-a-look-at-the-output)

------
honopu
I'm not a python guy, but from the screenshots I don't see where it is
requesting something other than the version, I don't see where it appends the
seed keys or anything on the check version request, but I don't use this or
any wallet to care enough to verify.

~~~
bhhaskin
Looks like the version is actually the seed.

    
    
      self.thread_v1 = threading.Thread(target=self.verify_version_thread, args=(seed,))

~~~
honopu
Oh I see thank you :)

------
onetimemanytime
I guess this is like storing mined 1800's gold in one's home. Totally
unsecured, especially for the average Joe. Once it's gone, it's gone.

~~~
LeoPanthera
The whole point of Bitcoin (at least originally) was "be your own bank".

Users learnt really damn fast why securing a bank is hard.

