Beware of phishing messages in Electrum

A bug in old versions of legit electrum is being exploited by scammers to send people phishing messages. Users are advised to not follow any links in electrum error messages. The developer Somber Night summarizes the situation best:

To users: when you broadcast a transaction, servers can tell you about errors with the transaction. In Electrum versions before 3.3.3, this error is arbitrary text, and what’s worse, it is HTML/rich text (as that is the Qt default). So the server you are connected to can try to trick you by telling you to install malware (disguised as an update). You should update Electrum from the official website so that servers can no longer do this to you. If you see these messages/popups, just make sure you don’t follow them and that you don’t install what they tell you to install. The messages are just messages, they cannot hurt you by themselves.

If you see such a message and it’s stopping you from spending your bitcoins just switch to a different server.  Also update to the latest electrum from the official site.

In Electrum 3.3.4 and later the phishing messages are no longer shown but Electrum servers can still stop you from spending your coin. So once again you should simply switch to a different server.

The evolution of malware targeting Electrum users

Malware authors only put in the minimum effort needed to steal from users. In the past it was pretty easy for them to put up a fake electrum site and then advertise it on google adwords. The ad would show up above search results and newbie users would click on it, download the malware versions and receive bitcoin to wallets created with it only to find the coins stolen shortly afterwards.

Continue reading The evolution of malware targeting Electrum users