“Critical vulnerability in Electrum; SHUT DOWN ELECTRUM IMMEDIATELY and upgrade.”


#1

“Critical vulnerability in Electrum; SHUT DOWN ELECTRUM IMMEDIATELY and upgrade.” — https://bitcointalk.org/index.php?topic=2702103.0

https://electrum.org/

  1. If you are running Electrum, shut it down right this second.
  2. Upgrade to 3.0.5 (making sure to verify the PGP signature).

You don’t necessarily need to rush to upgrade. In fact, in cases like this it can be prudent to wait a while just to make sure that everything is settled. The important thing is to not use the old versions. If you have an old version sitting somewhere not being used, then it is harmless as long as you do not forget to upgrade it before using it again later.

If at any point in the past you:

  • Had Electrum open with no wallet passphrase set; and,
  • Had a webpage open

Then it is possible that your wallet is already compromised. Particularly paranoid people might want to send all of the BTC in their old Electrum wallet to a newly-generated Electrum wallet.

[…]

[…] all versions from 2.6 to 3.0.3 are affected by the vulnerability.

