Electrum Vulnerability Puts Funds at Risk


Electrum is a fast and reliable Bitcoin wallet client available for Linux, Android, OSX, and Windows platforms. It also comes with a cold storage option.
Effects of the Vulnerability
If the following were true at any point in the past,

  • You had a webpage open, and
  • No password had been set while the Electrum client was running

you might already have been affected. As a precaution, you must shut down the wallet immediately and should set a password.
The vulnerability allows any website to steal the funds through JavaScript manipulation (JavaScript is a popular programming language that often runs in a web browser on behalf of the site you are visiting).
Even if you have set a wallet password, that does not guarantee your funds are totally safe. The vulnerability still allows a potential attacker to read your transaction data and modify the Electrum wallet settings.
So, you must shut down the client immediately.
Also, be aware that users of any client built from a clone or derivative of Electrum should check the respective official website to find out whether they are affected.
A new version, 3.0.5, is now available.
There are reports that some versions are not affected by the issue. That might not be entirely true, and you should not risk funds on that basis.
Every version from 2.6 to 3.0.3 has been found to be affected by the vulnerability, and it is not certain whether 3.0.4 is resistant to the weakness. In any case, upgrading to 3.0.5 is essential.
Last year, funds in the Parity Multi-Sig wallet were accidentally locked due to a vulnerability, and how much damage this kind of bug can do is becoming a matter of controversy.
In any case, users should keep up to date with the cryptocurrency world and should only use wallets that have high levels of community adoption and reputation.
If you have already lost funds, do not panic, and be patient for more news. Follow the Bitcoin Talk forum, which may give you updates.
