Electrum Moves to Patch Bug That Left Thousands of Bitcoin Wallets Exposed
HomeCryptocurrency NewsCryptocurrencies Latest News

Electrum Moves to Patch Bug That Left Thousands of Bitcoin Wallets Exposed

Popular wallet developer Electrum has issued an emergency patch for a critical bug in its bitcoin wallets. The flaw allowed any website hos...

$10 Trillion US Exchange Takes a Step Toward Crypto: Nasdaq Bids for Cinnober
Denmark’s Largest Bank Took Two Years to Close Accounts of Blacklisted Russian Clients
Less Than Two Months Away – Bitcoin Cash Upgrade Discussion Heats Up

Popular wallet developer Electrum has issued an emergency patch for a critical bug in its bitcoin wallets. The flaw allowed any website hosting the Electrum wallet to potentially steal the user’s cryptocurrency. A vulnerability meant that passwords were exposed in the JSONRPC interface, granting hackers complete control of the wallet. The first patch failed to fix the problem however, forcing Electrum to issue a second update on Sunday evening. 

Also read: Bittrex Wallets Are Taken Offline as Companies Scramble to Patch the Intel Bug

A Quick Fix to a Long-Standing Problem

Last week, the tech world was rocked by news of a bug in Intel computer chips that had lain undiscovered for years. It’s a similar story with the Electrum wallet vulnerability, with some reports stating that it had been in existence for over two years. Google vulnerability researcher Tavis Ormandy claims to have discovered the bug, though the flaw had been flagged last year. Within hours of Ormandy pointing out the vulnerability, Electrum had rushed out a patch to remedy it.

Electrum Moves Fast to Patch Bug That Left Bitcoin Wallets ExposedIn a Bitcointalk forum post, site admin Theymos explained: “If at any point in the past you had Electrum open with no wallet passphrase set; and had a webpage open then it is possible that your wallet is already compromised. Particularly paranoid people might want to send all of the BTC in their old Electrum wallet to a newly-generated Electrum wallet.”

He later updated his post, adding: “If you had no wallet password set, then theft is trivial. If you had a somewhat-decent wallet password set, then it seems that an attacker could “only” get address/transaction info from your wallet and change your Electrum settings, the latter of which seems to me to have a high chance of being exploitable further. So if you had a wallet password set, you can reduce your panic by a few notches, but you should still treat this very seriously.”

Fatally Flawed

The individual who first reported the flaw on Github on November 24 explained: “While the electrum daemon is running, someone on a different virtual host of the web server could easily access your wallet via the local RPC port. Currently, there is no security/authentication, giving someone access to the RPC port full access to the wallet.”

Electrum Moves Fast to Patch Bug That Left Bitcoin Wallets Exposed

Electrum is free software that’s used by numerous cryptocurrency sites, including merchants and exchanges, to store bitcoin. Anyone can run an Electrum server and the software supports hardware wallets such as Trezor, Ledger and Keepkey. Enhanced features include multi-sig and the ability to sign transactions using a cold storage device that isn’t connected to the web.

The bug seems to have been fixed before any damage was done – albeit at the second attempt after the first patch proved ineffective – though given the length of time it lay undiscovered, it is hard to say for certain that no funds were stolen. The case illustrates, once again, the risks of leaving bitcoin stored in a web wallet.

Do you feel comfortable storing your bitcoin in a web wallet? Let us know in the comments section below.


Images courtesy of Electrum and Github.


Want to create your own secure cold storage paper wallet? Check our tools section.

The post Electrum Moves to Patch Bug That Left Thousands of Bitcoin Wallets Exposed appeared first on Bitcoin News.



from Bitcoin News http://ift.tt/2AFOEre
Name

Bitcoin News,5117,Bitcoinist.com,4741,Cryptocurrencies,4741,Cryptocurrencies Latest News,5117,Cryptocurrency Latest News,4741,Cryptocurrency News,9858,
ltr
item
Cryptocurrency Latest News: Electrum Moves to Patch Bug That Left Thousands of Bitcoin Wallets Exposed
Electrum Moves to Patch Bug That Left Thousands of Bitcoin Wallets Exposed
http://ift.tt/2qHpzN8
Cryptocurrency Latest News
http://cryptocurrencylatest.blogspot.com/2018/01/electrum-moves-to-patch-bug-that-left.html
http://cryptocurrencylatest.blogspot.com/
http://cryptocurrencylatest.blogspot.com/
http://cryptocurrencylatest.blogspot.com/2018/01/electrum-moves-to-patch-bug-that-left.html
true
1236144943044321696
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS CONTENT IS PREMIUM Please share to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy