Electrum Fishing Scheme Warning

A fishing malware scheme has been spotted targeting electrum wallet users. Electrum users are advised to read the warning explainer that has been setup here.

A malicious notification popup with a clickable link.

Users of many versions of Electrum released may see messages as pictured when attempting to send a transaction with their wallet. The message, or some variation of, purports that a security update is required to continue.

This is not the case.

The message is generated by the server you are connected to, and contains a link to a malicious modification of the wallet which, if installed, will result in the immediate theft of all of your money. If you install any software shown in a message such as this you have no recourse to recover your funds.

The only distributions of the Electrum wallet are from the electrum.org domain, and the only repository on GitHub which contains legitimate software is https://github.com/spesmilo/electrum. Updating to the most recent versions of the client from these locations will prevent the display of these messages, but many package distributions and distributions of linux will still contain vulnerable versions.

If you have installed a malicious version, it is unknown what effcts this might have beyond loss of funds. Assume your computer is otherwise compromised or backdoored, and act accordingly.

Support us and the authors of this article by donating to the following address:


Comments powered by Talkyard.