BSV
$53.64
Vol 51.26m
0.29%
BTC
$96985
Vol 62008.49m
-0.51%
BCH
$451.01
Vol 377.89m
2.91%
LTC
$99.7
Vol 973.93m
2.99%
DOGE
$0.32
Vol 7660.25m
4.71%
Getting your Trinity Audio player ready...

Electrum wallet just deployed an emergency patch to fix critical security risk.

On Saturday, Electrum devs were sent into a panic, pushing them to release an emergency patch along with an urgent message saying everyone using their Electrum wallets must stop doing so immediately and upgrade to the patched version. Apparently, having the wallet open while browsing the web allows any website to steal users’ BTC.

Wallets with no passphrases set are also considered compromised, whether they surfed the web or not while the wallet was open. Those with weak passwords are also at risk.

The security notice on Electrum’s website links to a post by Theymos (r/bitcoin moderator) on BitcoinTalk, where they urged users to shut down the wallet and upgrade to the new version. The post has been updated to say that the first patch attempt is still vulnerable, and that users must upgrade to version 3.0.5. And that it in fact is safer to just move all their BTC to a newly generated Electrum wallet altogether.

Electrum to the public: “if you are running Electrum, shut it down right this second”

White hat hacker and Google vulnerability researcher Tavis Ormandy says he stumbled upon it while checking out the software included in Tails, an anonymity and privacy-focused live operating system bootable from a USB stick.

Ormandy says that although he just pointed out the issue to Electrum last Saturday, pushing them to start working on a fix, the issue has already been pointed out last year.

Recommended for you

Who wants to be an entrepreneur?
Embodying the big five personality traits could be beneficial for aspiring entrepreneurs, but Block Dojo shows that there is more...
December 20, 2024
UNISOT, PSU China team up for supply chain business intelligence
UNISOT revealed a new partnership with business intelligence and research firm PSU China, which will combine its data with UNISOT's...
December 20, 2024
Advertisement
Advertisement
Advertisement