Slow Mist: Electrum's "Update Phishing" Supplementary Alert on Coin Theft Attacks

Electrum is a world-renowned Bitcoin light wallet that supports multi-signature, has a long history, and has a very wide user group. Many users like to use Electrum as a cold wallet or multi-sign wallet for Bitcoin or even USDT (Omni). Based on this usage scenario, Electrum will be used less frequently on user computers. The latest version of Electrum is 3.3.8, and known versions prior to 3.3.4 have a "message defect" that allows an attacker to send "update tips" through a malicious ElectrumX server. This "Update Tip" is very confusing for users, if you download the so-called new version of Electrum according to the prompt, you may be successful. According to user feedback, as a result of this attack, more than four digits of stolen Bitcoins were stolen. This captured theft attack was not stealing private keys (in general, Electrum's private keys are stored in two-factor encryption), but instead replaced the transfer destination address when the user initiated the transfer. Here we remind users that when transferring funds, they need to pay special attention to whether the destination address has been replaced. This is a very popular way of stealing money recently. It is also recommended that users use hardware wallets such as Ledger. If it is used with Electrum, although the private key will not have any security problems, it is also necessary to be alert to the situation where the target address is replaced.