Electrum to the public: “if you are running Electrum, shut it down right this second”

Electrum wallet just deployed an emergency patch to fix critical security risk.

On Saturday, Electrum devs were sent into a panic, pushing them to release an emergency patch along with an urgent message saying everyone using their Electrum wallets must stop doing so immediately and upgrade to the patched version. Apparently, having the wallet open while browsing the web allows any website to steal users’ BTC.

Wallets with no passphrases set are also considered compromised, whether they surfed the web or not while the wallet was open. Those with weak passwords are also at risk.

The security notice on Electrum’s website links to a post by Theymos (r/bitcoin moderator) on BitcoinTalk, where they urged users to shut down the wallet and upgrade to the new version. The post has been updated to say that the first patch attempt is still vulnerable, and that users must upgrade to version 3.0.5. And that it in fact is safer to just move all their BTC to a newly generated Electrum wallet altogether.

Electrum to the public: “if you are running Electrum, shut it down right this second”

White hat hacker and Google vulnerability researcher Tavis Ormandy says he stumbled upon it while checking out the software included in Tails, an anonymity and privacy-focused live operating system bootable from a USB stick.

Ormandy says that although he just pointed out the issue to Electrum last Saturday, pushing them to start working on a fix, the issue has already been pointed out last year.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.