A fishing malware scheme has been spotted targeting electrum wallet users. Electrum users are advised to read the warning explainer that has been setup here.

Users of many versions of Electrum released may see messages as pictured when attempting to send a transaction with their wallet. The message, or some variation of, purports that a security update is required to continue.

This is not the case.

The message is generated by the server you are connected to, and contains a link to a malicious modification of the wallet which, if installed, will result in the immediate theft of all of your money. If you install any software shown in a message such as this you have no recourse to recover your funds.

Recently a physical attack vector on the Trezor One hardware wallet was disclosed by a security researched called Sunny, Trezor was quick to release a firmware update 1.6.1 but the researcher realized that another attack vector of the same type was possible so SatoshiLabs released the new firmware update 1.6.3 on the 30th of August.

Trezor comes with a tamper-evident seal and the attack vector only affects tampered devices, so if you bought your Trezor used or if it came with the seal broken, make sure you update the firmware first then set it up. If you’re updating an older Trezor, make sure to have the correct recovery seed on hand as you’ll need it to set it up.

The newest firmware verifies the authenticity of the bootloader in the device. The bootloader checks the signature of the firmware. If both are genuine, your device will not display a warning, and therefore your Trezor is safe to use.

Source

A timewarp attack on Bitcoin allows malicious miners to game the timestamp system to allow them to increase the rate of block generation beyond what the blockchain meant it to be. This attack has been possible since 2012 and was demonstrated on the testnet.

This was dismissed as an unimportant issue for the past few years as it requires the majority of hashrate and is easily blocked once someone starts using it.

Some concerns were raised on bitcoin-dev regarding potential vulnerabilities with some Javascript based crypto applications, more precisely the use of SecureRandom() function which collects entropy and includes a PRNG (Pseudo Random Number Generator).

TL;DR

The conclusion seems to be that at least all wallets generated by js tools inside browsers since bitcoin exists until 2011 are impacted by the Math.random weakness if applicable to the related implementations, the Math.random or RC4 (Chrome) weakness between 2011 and 2013, and RC4 weakness for Chrome users until end of 2015