Malware Wallet ‘Electrum Pro’ Stealing Seed Keys

[ghostly_s]

It seems utterly, utterly insane to me that the vendor of a currency wallet software would leave the .com of their product's name unregistered. Using the real Electrum at home but second-guessing that now.

[marceloneil]

Apparently the previous owner of the domain was trying to sell it for "the price of a house", not something an open-source project can typically afford.

[0]: https://www.reddit.com/r/Bitcoin/comments/8a1drz/psa_electru...

[literallycancer]

By definition, the market value of that domain has to be close to the value of all BTC that ever gets stolen by the copycat malware.

Doesn't seem like something a project with no budget can afford.

[drexlspivey]

Thomas Voegtlin (creator of electrum) said on reddit that they tried to buy the domain in 2012 but it was too expensive. https://www.reddit.com/r/Bitcoin/comments/8a1drz/psa_electru...

[ufo]

The github link has a better explanation to what is going on:

https://github.com/spesmilo/electrum-docs/blob/master/decomp...

[honopu]

I'm not a python guy, but from the screenshots I don't see where it is requesting something other than the version, I don't see where it appends the seed keys or anything on the check version request, but I don't use this or any wallet to care enough to verify.

[nebulous1]

On line 246 where the thread is created, you'll see that it's actually passing in the seed, not the version.

[bhhaskin]

Looks like the version is actually the seed.

  self.thread_v1 = threading.Thread(target=self.verify_version_thread, args=(seed,))

[honopu]

Oh I see thank you :)

[onetimemanytime]

I guess this is like storing mined 1800's gold in one's home. Totally unsecured, especially for the average Joe. Once it's gone, it's gone.

[LeoPanthera]

The whole point of Bitcoin (at least originally) was "be your own bank".

Users learnt really damn fast why securing a bank is hard.