Electrum Phishing Attack - Upstream Fix Committed
Originally created by @tailshark on #16421 (Redmine)
As part of this ticket, reintroduce the test case i.e. revert f092b0d6.
Initial report:
I was using Tails (newest version) and stumbled over this a few hours ago.
When broadcasting a Bitcoin transaction it would come back telling me to manually upgrade Electrum with a link. I thought this was suspicious as the response was rich text and my hygiene (cyber or otherwise) is amazing.
Did a little digging and this:
https://github.com/spesmilo/electrum/issues/4968Bottom line: Attacker electrum nodes in the wild are able to send custom responses to Electrum <v3.3.3. Tails looks like it’s at v3.1.3 at present. Electrum devs responded with a counter-move. They started upgrading Electrum nodes to authorize your transaction but shout at you for using an older version.
Current user experience: At this time every Electrum transaction on Tails shouts at me. It’s either the phishing response trying to bait me into installing the backdoored Electrum (and the transaction fails) OR it’s a legitimate Electrum node that authorizes the transaction but tells me I’m on a vulnerable version.
At this time it looks like the attack requires user participation to manually go and install stuff from the attacker site(s). I’m not sure how many Tails users this would actually pwn since Tails users are here for a reason. But at the very least it might freak people out. I checked all the doors & hatchets myself when seeing the phising response for the first time.
Thought I would share before you get a ticket like this one:
“I’m lose 12 BTC $42k, from an UPDATE SHOW ME ON 3.3.3 OFFICIAL !!!! my family going to dead #5064”
Feature Branch: bugfix/16421-fix-electrum+force-all-tests
Related issues
- Related to #16564 (closed)
- Related to #16565 (closed)
- Blocks #16969
- Blocks #9732
- Blocks #15483 (closed)