A fishing malware scheme has been spotted targeting electrum wallet users. Electrum users are advised to read the warning explainer that has been setup here.

Users of many versions of Electrum released may see messages as pictured when attempting to send a transaction with their wallet. The message, or some variation of, purports that a security update is required to continue.

This is not the case.

The message is generated by the server you are connected to, and contains a link to a malicious modification of the wallet which, if installed, will result in the immediate theft of all of your money. If you install any software shown in a message such as this you have no recourse to recover your funds.

An efficient re-implementation of Electrum was recently developed by Roman Zeyde. It allows users to run an Electrum server on their machine with a required hardware not much more than a full node, it indexes the entire blockchain and the resulting index enables fast queries, this allows users to keep real time tracking of their wallets and transactions. As it uses the user’s machine, there is no need for the user to send requests to an external Electrum server preserving privacy for its users. It offers low CPU and memory usage, low index storage overhead and fast synchronization to the blockchain.

You can check out the implementation on Github from here.

Electrum is a popular Bitcoin wallet, distributed on electrum.org and spesmilo/electrum.

A few weeks ago scammers bought the electrum dot com domain and started using it to distribute a modified malware version of electrum called ElectrumPro to steal its user’s bitcoins.

The electrum team published a decompiling guide for ElectrumPro binary on windows to proove that it is indeed stealing users:

This document describes how to decompile the “Electrum Pro” Windows binaries, and how to verify that they indeed contain bitcoin-stealing malware. We previously warned users against “Electrum Pro”, but we did not have formal evidence at that time.